\begin{frame}[fragile]
\frametitle{SQL Injection}
\vspace{-1ex}
% Mock login form whose field contents depend on the overlay:
%   slides 1-2: ordinary credentials (Maria / 12345)
%   slide 3 on: the injection input -- a name that closes the string literal
%               with a quote and then starts an SQL comment.
\begin{exampleblock}{Website with Login Screen}
\vspace{-.5ex}
\begin{tcenter}
\begin{tikzpicture}
% Each field is a label node named n plus a box positioned with the `ro=n'
% style (defined outside this frame; presumably "right of n" -- confirm).
\node (n) [anchor=east] at (0,0) {Name:};
% -\,- puts a thin space between the hyphens, presumably so they are not
% typeset as an en-dash ligature and stay readable as the SQL comment marker.
\node [ro=n,rectangle,draw,fill=yellow!10,minimum width=30mm,minimum height=4mm,align=left] {\sql{\alt<-2>{Maria}{\alert{Joe' -\,-}}}};
% The node name n is reused, so the second `ro=n' refers to the Password label.
\node (n) [anchor=east] at (0,-5mm) {Password:};
% In the injected case the password text is arbitrary: the resulting-query box
% later in this frame greys out the password condition.
\node [ro=n,rectangle,draw,fill=yellow!10,minimum width=30mm,minimum height=4mm,align=left] {\sql{\alt<-2>{12345}{who cares}}};
\end{tikzpicture}
\end{tcenter}
\vspace{-1ex}
\end{exampleblock}
% Negative example: this listing deliberately shows the VULNERABLE pattern.
% The query text is assembled by string concatenation, so quote characters
% inside userName / userPassword become part of the SQL syntax instead of
% staying data. Keep it recognisable as the anti-pattern; the safe form passes
% the values as bound parameters (java.sql.PreparedStatement with ? placeholders).
% The first two listing lines are schematic (a comment stands in for the
% initializer), so the snippet is not meant to compile as written.
% Do not add LaTeX comments inside lstlisting: they would be printed verbatim.
\begin{code}{\textwidth}{Server Side SQL}
\begin{lstlisting}[language=Java]
String userName = // name that the user has entered
String userPassword = // password that the user has entered
ResultSet rs = stat.executeQuery(
"select balance from accounts " +
"where name = '" + userName + "'" +
" and password = '" + userPassword + "'"
);
\end{lstlisting}
\end{code}
\pause\vspace{-2ex}
% Query string produced by the server-side code for the current form input.
% \alt<-3> selects the variant by overlay:
%   up to slide 3: benign query (Maria / 12345)
%   slide 4 on:    injected query; the grey part follows the SQL comment
%                  marker, so the password condition is no longer part of the
%                  executed statement.
% \textquotesingle typesets a straight apostrophe, so the quotes look as they
% would in real SQL.
% NOTE(review): the form switches to the injected input at slide 3 (\alt<-2>)
% but this box only at slide 4 (\alt<-3>) -- confirm the one-slide lag is intended.
\begin{code}{\textwidth}{The Resulting SQL Query}
\sql{select balance from accounts}\\
\alt<-3>{\sql{where name = \textquotesingle{}Maria\textquotesingle{} and password = \textquotesingle{}12345\textquotesingle{}}}
{\sql{where name = \textquotesingle{}Joe\textquotesingle{} \textcolor{gray}{-\,- \textquotesingle{} and password = \textquotesingle{}who cares\textquotesingle{}}}}
\end{code}
\pause\pause
\begin{alertblock}{}
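\alert{SQL injection} is a very common mistake! Very dangerous! Never build a query by concatenating user input; pass the values as parameters of a prepared statement instead.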
\end{alertblock}
\end{frame}