SQL injection with SQL error help

We can use SQL error to help with SQL injection, for example in SQL Server:

SQL query, if you use a GROUP BY clause, the field in the clause must match the field in the Select condition (non-aggregate function) exactly, if it is a select *, then all the column names in the table must be included in group by;

The column ' column name ' in the select list is not valid because the column is not contained in an aggregate function or a GROUP by clause.

The column names for this hint are in the order of the table, and we can use this to enumerate all the columns in the SQL injection.

First Use SELECT * from table name, having 1=1

At this point in the error message is the first column name,

Then select * from table name, group by first column name

At this point in the error message is the second column name,

And so on, all columns are enumerated

Similarly, with the error hint, you can also know a lot of information, for example, the query condition and the actual type of column name does not match, there will be type conversion failure prompt, such as:

SELECT * FROM Class
where name=3

Prompt: Failed to convert nvarchar value ' high ' to data type int.

So we can know the first line of the name column;

Wait a minute.

Of course, the database error is generally not directly displayed in the application interface, the application interface prompts are entirely determined by the program, (PS: This is also the reason for the error page)!

SQL injection with SQL error help