How to Identify a Site Vulnerable to an SQL Injection Attack

If a web page accepts text entry (for example a user name and password) then try entering a string that contains one single quote.

A vulnerable site may behave oddly given this input. You may see an error message such as that shown:

Error message from a vulnerable site