(adsbygoogle = window.adsbygoogle || []).push({}); I am not saying that i am a genius and i am not saying that I'm the best at this either, I'm just giving people the knowledge about SQL that they need to know before they start even thinking about SQLI. (and please correct me on any info that i have got wrong)

First off SQLI stands for search query language injection. SQLI is a process of which you put certain commands into a VULNERABLE url. It is important that the website is vulnerable. If The website you are trying to inject is not vulnerable then it is pointless to even try. I will put programs at the bottom of the thread to programs that will help you with finding vulnerable websites and on how to check for there vulnerable columns. You Cannot Inject a website without an injection point, an injection point is like id=1234. for example:
[url]www.example123.com/id=1234[/url]
sometimes it is tricky to find out the columns of websites. sometimes you need to put in a false statement such as 1=2. it can be any false statement from 0=1 to 1=9999999 it really doesn't matter. an example would be [url]www.example123.com/id=1234[/url] and 1=2 (goes on). Putting the and before the false statement is crucial. Also another thing, any command through sqli must end in a --. so for example:
[url]www.example.com/id=1234[/url] union select 1,2,table_name,4,5 from information.schema_tables--
Some websites dont allow spaces in there URL so you must use something Elsa such as /**/ so for example:
[url]www.example.com/id=1234/**/order/**/by/**/10--[/url]
Sometimes some tables are only read in ASCII (a computer number coding language) and have to be coded into ascii. the most common time this is done is when you want to see a table. for example:
[url]www.example.com/id=1234[/url] union select 1,2,table_name,4,5 from information.schema_tables were table_name=admin
but how it should look is:
[url]www.example.com/id=1234[/url] union select 1,2,table_name,4,5 from information.schema_tables were table_name=char(97,100,109,105,110)

any info i missed i will edit back into this post
links:
hajiv V1.4 for finding out the vulnerable column and extra goodies---> You must login or register to view this content.
sql poison V3.0 for finding vulnerable websites ---> You must login or register to view this content.

Nice way to spam....

============================
Why is this tutorial still in this section?