SQLi is the basic of website hacking as all today have a database , Lets learn SQL Basics to easily understand the SQLi or SQL Injection techniques used in following tutorials.

The Database Hierarchy
First of all there are users which can have access to multiple databases, then a database can have multiple tables then a table can have multiple Columns and columns have data in each row.

This is an example database.

Here is an example of the most basic type of Select query.

Output will be:

Where * stands for all the columns and “table1” is the table name.

so for example we don’t want all the columns but only some selected colulms in output then the query will be.

Output will be:

so let us try some basic conditions now to limit the output.

Output will be:

lets try some other conditions with string type columns.

Output will be:

When ever we are facing a SQL injection. Something query this is running inside the application. So once we assume what the query is we can easily start injecting into it. Following are some common possiblities of queries you can face:

[#] If Query is taking any numerical input

All the above queries will give same output.

[#] If Query is taking any string input

All the above queries will give same output.

For Example when we see any url like “http://fakesite.com/report.php?id=23” we can easily assume what query may be working inside. And that is the first step of SQL injection.

So if we assume for the above url our Assumption Queries will be the following:

Well for this Tutorial this is enought. In the next tutorial i will show you how can you find out the correct query out of these assumption queries using some simple tests, and get confirmed. Once we will be confirmed, we will start injecting and understand the whole backend process at the same time.


What Do You Think on This ? Say Here