Go to google homepage and search for inurl:php?id=
You will get probably thousands of result.Now open any page and add a apostrophe ( ‘ )to the end of the url.Example if the Url was http://www.mytargetsite.com/php?id=34 it should be now http://www.mytargetsite.com/php?id=34’
If you get a SQL syntax error then this website can be vulnerable to SQL injection.Now you should use Havij on this URL.
NOTE:This tutorial is for only educational and testing purposes.In some countries SQL injection is an offence.
