'
, "
, #
, ;
, )
, *
,%
) in an input could lead to SQL errors sometimes echoed back to the users for debugging. This would indicate an entry point not sanitized enough and thus potentially vulnerable to SQL injection.some.website/?parameter=value
some basic useful payload to detect vulnerable inputs are: