I've been working on a site, that shows the classes of my school for a while now. The other day i found a SQL injection on the site. I get this after setting the var "id" to ( ''- ).
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near '-'.
/include/functions.asp, line 175
Now one of my friends told me to check and see if the vulnerability really is there. I do not know alot about Sql injection, neither my friend. So could anyone tell me how i should check for this. What should i type in to like see some of the colums? Or see the passwords i made on the database with the usernames. Its just a test server right now, so all the passwords is 1235 and 12343, and user names are test1 and so on. So could anyone tell me how i should inject the site, and see if the vul really is there?