SQL Injection: Accessing the Database

1: Definition

2: Targeting and Testing

3: Accessing the Database

4: Extracting Data

You can now attempt to extract some information. First, you must find out how many columns the current database in use has.

At the end of the query string, type “order by 1--” and press enter. Here is an example URL:

http://www.onlineshop.com/product.php?id=123 order by 1--

The double dash represents the start of a comment in SQL, so any other SQL code on the line after your input is ignored. Your browser will most likely replace the spaces in the URL with %20; this makes the URL less readable, but it is fine.

There should now be no SQL-related error. Keep incrementing the order by number until you see an error again. The last number that didn’t produce an error is the number of columns; keep a note of this number.
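
Seen from the server side, the incrementing order by requests described above leave a recognizable trail in the web server's access log. The following is an added example, not part of the original tutorial: it decodes each logged URL and flags clients whose requests count upward through order by 1, 2, 3. The log format, IP addresses, status codes and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (assumed format: ip "request" status).
SAMPLE_LOG = """\
203.0.113.7 "GET /product.php?id=123 HTTP/1.1" 200
203.0.113.7 "GET /product.php?id=123%20order%20by%201-- HTTP/1.1" 200
203.0.113.7 "GET /product.php?id=123%20order%20by%202-- HTTP/1.1" 200
203.0.113.7 "GET /product.php?id=123+ORDER+BY+3--+ HTTP/1.1" 500
198.51.100.4 "GET /search.php?q=sort+order+by+price HTTP/1.1" 200
"""

REQUEST = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3})$')
# "order by <number>" followed by a comment marker or the end of the value.
PROBE = re.compile(r"\border\s+by\s+(\d+)\s*(?:--|#|/\*|$)", re.IGNORECASE)

def find_order_by_probes(log_text):
    """Return {client_ip: [(column_index, http_status), ...]} for probe requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST.match(line.strip())
        if not m:
            continue
        ip, target, status = m.groups()
        # Decode %20 and + so encoded and plain probes look the same.
        query = unquote_plus(urlsplit(target).query)
        probe = PROBE.search(query)
        if probe:
            hits[ip].append((int(probe.group(1)), int(status)))
    return dict(hits)

def enumeration_suspects(hits, min_steps=3):
    """Clients whose probes count upward 1, 2, 3, ... for at least min_steps requests."""
    suspects = {}
    for ip, probes in hits.items():
        indexes = [n for n, _ in probes]
        if len(indexes) >= min_steps and indexes == list(range(1, len(indexes) + 1)):
            suspects[ip] = probes
    return suspects

if __name__ == "__main__":
    for ip, probes in enumeration_suspects(find_order_by_probes(SAMPLE_LOG)).items():
        print(ip, probes)
```

A numeric order by inside a parameter that should only ever hold a product id is already worth an alert on its own; the upward sequence simply separates deliberate column counting from a one-off malformed request.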

