well, i have seen alot of topic replies from people saying they do not understand tutorials or how sql injection works or they can't find a website to test to see if they got it right.


i will address those two problems now.


sql injection is manually (or via an automated program) inserting sql queries into a website url to extract information.

now, actually learning sql really and i mean really does help you understand sqli

sql is ridiculously reasy and the things you learn make you understand sqli heaps better. when you learn sql you will also be subjected to lots of other commands like drop, insert into, update etc. which you can use in sqli to cause even more havoc (by deleting entire tables, changing an admins password, making a new admin account for yourself for easy access).


now when it comes to looking for sites in two days i have seen a "50 uk sqli" injectectable websites post (roughly along that name) and just today a post with about 15 other websites all within the website and forum hacking sub forum and the sql injection sub forum.


now a few tips while learning sqli

1. learn mysql / sql (high recommended)
2. learn all the variations of sqli (the different ways people inject)
3. sqli manually before you try using automated programs, they don't always get it right
4. stick at it
5. stay confident