Most modern web applications implement some kind of database, and SQL is the most popular language to make queries to databases. In an SQL injection (SQLi) attack, the attacker seeks to abuse the communication between an application and a database by making the application send altered queries via the injection of SQL commands in form inputs or any other parameter in requests that are used to build an SQL statement in the server.

In this recipe, we will test the inputs of a web application to see whether it is vulnerable to error-based SQLi.