Basic 9 help

I have found that basic9//.*** is sql injectable. I remember something similar to this on another basic hacking (it had family_db in the command, Im trying to avoid spoilers). Well, I am at a brick wall at this point. How can I find out what to put at the end of the sql_query 'SELECT * FROM XXXX' ? ("XXXX" is what I would like to find)

Sorry for the bump, but it anyone at all can give me even the smallest hint, I would be glad.

I am stuck at the same point for quite a while now, just wondering if this part is just that easy, as to the fact that no one has posted any help on this one. A push in the right direction would be appreciated.

I have the exact same problem as you all, the werid thing is I'm having the feeling that Basic 8 is copied directly into this one???? :s

I solved basic 9 before I solved 8… after that 8 was the difficult one, not 9… so it's just the order in which you solve them. Don't think about basic 8 or any similarities between them, you're now working on 9.