PortSwigger Web Security Academy/SQL injection in WHERE clausePortSwigger — SQLi in WHERE clause (filter products)Bypass the category filter with a UNION-based SELECT against a known column count.Webeasy#web#sqli#unionMay 16, 2026