Now, go launch Security Shepherd, navigate to Challenge 5, and watch that script extract the key. Then, ask yourself: Is my own application leaking Boolean oracles like this?
admin' || '1'='1' /* Password: anything