I am on OP’s side that the University has acted badly. Especially the belittling/demeaning letter was all but a good response. Also, imho intent should be valued more than the strict interpretation of the rules.
However, OP should not have - under any circumstance - issued OR 1=1. The only legally safe SQLi is one that doesn’t access any data; e.g. ' (single quote) or AND 1=2. You then stop when you see an error message and notify the authorities (i.e. campus IT).
I am on OP’s side that the University has acted badly. Especially the belittling/demeaning letter was all but a good response. Also, imho intent should be valued more than the strict interpretation of the rules.
However, OP should not have - under any circumstance - issued
OR 1=1. The only legally safe SQLi is one that doesn’t access any data; e.g.'(single quote) orAND 1=2. You then stop when you see an error message and notify the authorities (i.e. campus IT).Already posted, albeit under a different blog, so I don’t blame you.