When testing sql injection with this command:
?idProduct=-1+UNION+SELECT+1,2+FROM+users--
I am getting this error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'UNION'.
/productdisplay.asp, line 36
I have tried adding a quotation mark before UNION, but get another error message on unclosed quotation marks. What I think I should be aiming for is to get the "must have equal expression of target sites" error message. Can anyone help me out?