1. 1
  1.  

  2. 1

    He describes a way of getting information when you can repeatedly run arbitrary SQL, but can only get a single bit (error or no) in response. Solution: don’t let users run arbitrary SQL.