fix typo

289ea744 · Alvin Cheung · 2ce725ac · 289ea744
Commit 289ea744 authored May 24, 2018 by Alvin Cheung
--- a/hw8/hw8.md
+++ b/hw8/hw8.md
@@ -256,7 +256,7 @@ search "Seattle WA" "Boston MA' and actual_time > 300 and dest_city='Boston MA"

 Whoa! You get only flights longer than 300 min. Now type this:
 ```
-search "Seattle WA" "Boston MA'; create table Foo(a int); SELECT year, month_id,day_of_month,carrier_id,flight_num,origin_city,actual_time from Flights where origin_city = 'Seattle WA" 1 14 10
+search "Seattle WA" "Boston MA'; create table Foo(a int); SELECT month_id,day_of_month,carrier_id,flight_num,origin_city,actual_time from Flights where origin_city = 'Seattle WA" 1 14 10
 ```

 Check that this statement actually did successfully create a new table (hint: do not try this with `DELETE FROM Flights`). Imagine if it did other things instead like drop tables or look up the list of customers and their passwords. This is called [SQL injection](https://en.wikipedia.org/wiki/SQL_injection):  hackers like to do it on Website interfaces to databases. Implement your own search function instead, and comment out the first line in `transaction_search` that calls `transaction_search_unsafe` in `Query.java` to call the safe version instead that you will implement by using `PreparedStatements`.