In this example a local database named 'tweet_db' is created and the most recent tweets from my Twitter account are stored in it.
New tweets can be inserted into the database by entering the Status ID of a tweet and then clicking one of two buttons.
Button 1: Inserts the tweet using a concatenation-based SQL query that is vulnerable to SQL injection.
Button 2: Inserts the tweet using a parameterized SQL query that is safe against SQL injection.
To demonstrate the SQL injection attack, a special tweet whose text carries an attack payload is available with Status ID - 15878093528.
Insert this special tweet using both methods and see how the 'Insecure insert' makes it look like a tweet from Bill Gates, while the parameterized insert stores the payload harmlessly as plain text.
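The following is an added example, not the demo's own code, showing the two insert paths side by side against an in-memory SQLite database. The table layout, the account name 'demo_user', the status ID 1001 and the payload text are all assumptions made for the example; the payload is constructed here and is not the text of the tweet with Status ID 15878093528. The point is that the concatenating insert lets the tweet text rewrite the statement, so the 'user' column ends up holding whatever the payload supplies, whereas the parameterized insert stores the same text as data.

```python
import sqlite3

# Minimal stand-in for the demo's 'tweet_db'. The page does not show the
# real schema; this table layout is an assumption made for the example.
SCHEMA = """
CREATE TABLE tweets (
    status_id INTEGER NOT NULL,
    text      TEXT    NOT NULL,
    user      TEXT    NOT NULL
)
"""

# Placeholder account name and status ID (assumed, not the page's real values).
DEMO_USER = "demo_user"
PAYLOAD_ID = 1001

# Constructed payload text, not the text of the tweet referenced on the page.
# Spliced into the INSERT by concatenation it closes the text literal,
# supplies its own value for the user column, closes the VALUES list and
# comments out the rest of the statement, so the row is attributed to Bill Gates.
PAYLOAD_TEXT = "I love Linux', 'Bill Gates') -- "


def new_db():
    """Create a fresh in-memory database with the assumed tweets table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insecure_insert(conn, status_id, user, text):
    """Button 1 equivalent: the tweet text is concatenated into the SQL string."""
    sql = ("INSERT INTO tweets (status_id, text, user) VALUES ("
           + str(status_id) + ", '" + text + "', '" + user + "')")
    conn.execute(sql)
    conn.commit()
    return sql  # returned so the statement that actually ran can be inspected


def secure_insert(conn, status_id, user, text):
    """Button 2 equivalent: values are bound as parameters, never parsed as SQL."""
    conn.execute(
        "INSERT INTO tweets (status_id, text, user) VALUES (?, ?, ?)",
        (status_id, text, user),
    )
    conn.commit()


def stored_row(conn, status_id):
    """Return the (user, text) pair stored for a status ID, or None."""
    return conn.execute(
        "SELECT user, text FROM tweets WHERE status_id = ?", (status_id,)
    ).fetchone()


def run_demo():
    """Insert the payload tweet with each method into its own fresh database and
    return what each stored, together with the concatenated SQL that ran."""
    insecure_db = new_db()
    sql = insecure_insert(insecure_db, PAYLOAD_ID, DEMO_USER, PAYLOAD_TEXT)
    secure_db = new_db()
    secure_insert(secure_db, PAYLOAD_ID, DEMO_USER, PAYLOAD_TEXT)
    return {
        "insecure": stored_row(insecure_db, PAYLOAD_ID),
        "secure": stored_row(secure_db, PAYLOAD_ID),
        "sql": sql,
    }


if __name__ == "__main__":
    result = run_demo()
    print("Concatenated SQL:      ", result["sql"])
    print("Insecure insert stored:", result["insecure"])
    print("Secure insert stored:  ", result["secure"])
```

Running it shows the insecure path storing ('Bill Gates', 'I love Linux') while the parameterized path stores ('demo_user', ...) with the whole payload, quotes and comment marker included, as the tweet text. A related check worth making on the concatenating path: any ordinary tweet containing an apostrophe (for example "don't") breaks that statement with a syntax error, which is the same defect seen from the other side, and the parameterized insert handles it without any escaping.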