Help with SQL injection

Well i am pretty confused with sql injecting. I was told several different things some where you look and modify in the url and others in the source. Well i dont really know what i am doing, i open the source and copy it too note pad and i am not sure what to change. I have tried changing this which is a wild guess.

              <input type="hidden" name="id" value="7"  />
              <input type="hidden" name="enrol" value="manual" />

              <input type="submit" value="Enrol me in this course" />

to this which i thought would work maybe by changing password to x or ' = 1–

              <input type="hidden" name="id" value="7"  />
              <input type="hidden" name="enrol" value="manual" />

              <input type="submit" value="Enrol me in this course" />

I i tried several other things and i am not sure what i do. I saved it as an html and when i open it up everything looks right. i can see the password i type but then when i click enter it just puts up an error page can not be displayed. so i am new to sql injecting and i would like to learn please any help i can get would be great! thanks.:o

Yeah, well, it'll only make sense if you know PHP, the basics of HTTP POST- and GETing, and if you ever configured and used a SQL server.

So yeah.

okay.. so learn php?

SpencerC9992 wrote: okay.. so learn php?

Yup. PHP and SQL. Have fun!

Learn PHP and SQL and then you'll have your answer. They are both really helpful.

w3schools.com is a pretty good website to learn it if you don't want to go out and spend a lot. Just pay attention and you'll get it.

I would also recommend http://www.sqlzoo.net. It has pretty good tutorials and quizzes for the myriad of SQL servers out there. The only other advice I can give is to run your own server and just start playing with PHP. Personally, using the command-line version of mySQL helped me learn SQL faster.