1. 12
  1.  

  2. 4

    I am on OP’s side that the University has acted badly. Especially the belittling/demeaning letter was all but a good response. Also, imho intent should be valued more than the strict interpretation of the rules.

    However, OP should not have - under any circumstance - issued OR 1=1. The only legally safe SQLi is one that doesn’t access any data; e.g. ' (single quote) or AND 1=2. You then stop when you see an error message and notify the authorities (i.e. campus IT).

    1. 2