This is my little guide to SQL Injections:

Ah, here we go.

[URL=http://www.w*schools.com/sql/default.asp]http://www.w*schools.com/sql/default.asp[/URL]

You can learn all about SQL and what it's for here. I'm not gonna try to explain all of that, this is only for injections.
------------------------------------------------

Now, suppose you are at a site called [URL=http://www.candycanestotehmax.com]www.candycanestotehmax.com[/URL]. You have to login to this site to see the candy canes. The login page is like this:

Code:
www.candycanestotehmax.com/login.php
Now you try logging in with a bogus name and password. The URL now becomes something like:

Code:
www.candycanestotehmax.com/login.php?user=johnny&password=nicetry
You obviously weren't able to log in. But now you want to see if the login is vulnerable to SQL injection. Try playing around a bit with the URL.

Code:
www.candycanestotehmax.com/login.php?user=a'&password=*=*
OR
Code:
www.candycanestotehmax.com/login.php?user=*=*&password=*'
OR
Some other combination; there should be apostrophes and/or equal statements (*=*) because these tend to confuse servers.

Anyway, you should see some weird error, but if you don't, don't fret, there could still be a vulnerability (known as Blind SQL Injection).

-----------------------------------------------

Well, now suppose you've found a vulnerability to SQL injection on candycanestotehmax.com. Break down the URL and convert it into SQL. When you see this URL:

Code:
www.candycanestotehmax.com/login.php?user=johnny&password=nicetry
It's actually sending two SQL queries, one for a username match and one for a password match. It looks like this (let's assume the name of the table is "login"):

Code:
SELECT username FROM login WHERE username='johnny'
SELECT password FROM login WHERE password='nicetry'
But there is no username johnny or password nicetry in the database, so you can't log in. But now you know a vital piece of info: the table "login" contains all the usernames and passwords. It would be nice if we could view this table.
------------------------------------------

So we find somewhere we can enter text. Sometimes this is the login field; other times you actually have to enter it in the URL, usually after the ? in a php page. But assume you have to enter it in the login form. In the username field, enter a command so you can view the usernames in the table "login".

Code:
SELECT username FROM login
This would display the list of usernames in the table login. You can go back and edit the injection so it shows you the passwords also.
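Here is an added example (my own code, not part of Moonbat's guide or the candycanestotehmax.com site) that puts the two previous sections side by side: the username lookup from the "SELECT username FROM login WHERE username='johnny'" section, built the way the guide describes by pasting the URL parameter into the SQL text, and the same lookup with a bound parameter, which is what the site's owner should have written. It uses an in-memory SQLite table named login with one constructed row, and the function names and the lookup_vulnerable/lookup_parameterized split are my assumptions about how login.php might be structured. Run it with the guide's own probe value a' and you can see why the apostrophe produces the "weird error" the guide tells you to look for, and why the parameterized version returns no rows and no error for exactly the same input, so any text typed into the username field stays data instead of becoming part of the query.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the guide's "login" table: one made-up row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (username TEXT, password TEXT)")
    conn.execute("INSERT INTO login VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The query shape the guide describes: the raw URL parameter is
    concatenated into the SQL text. An apostrophe in the input changes
    the statement itself, which is the defect the guide's probes detect."""
    sql = "SELECT username FROM login WHERE username='" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form (assumed fix, not from the page): the value is bound
    separately by the driver and is never parsed as SQL, so quotes and
    equals signs in it are just characters."""
    sql = "SELECT username FROM login WHERE username=?"
    return conn.execute(sql, (username,)).fetchall()


def probe(conn, username):
    """What an observer sees for one input under each implementation:
    ("rows", [...]) when the query ran, ("error", <ErrorClass>) when the
    database rejected the statement. A syntax error on the concatenated
    path and a clean empty result on the parameterized path for the
    same input is the tell-tale difference."""
    result = {}
    for label, fn in (("concatenated", lookup_vulnerable),
                      ("parameterized", lookup_parameterized)):
        try:
            result[label] = ("rows", fn(conn, username))
        except sqlite3.Error as exc:
            result[label] = ("error", type(exc).__name__)
    return result


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a real user, the guide's bogus user, and the
    # guide's apostrophe probe from the user=a' URL.
    for value in ("alice", "johnny", "a'"):
        print(repr(value), probe(db, value))
```

On the concatenated path the input a' yields an sqlite3.OperationalError (an unterminated string literal), which is the error the guide says to watch for; on the parameterized path the same input simply matches nothing. That is the check a defender runs against their own login page, and parameter binding is the fix.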
------------------------------------------

Well, thanks for reading my tutorial, I hope you learned something.

-Moonbat