Payloadify

SQLi Payload Generator

Generate a SQL injection payload for a chosen dialect and injection point, with chainable info extraction, WAF-evasion obfuscation, and blacklist-character avoidance.

Use only on systems you own or are explicitly authorized to test.

Picking a specific technique or obfuscation below switches this to Custom automatically.

The generator picks the obfuscation that avoids the blacklisted characters where possible.

Only UNION-based, error-based, and boolean-based-blind techniques use the info extraction fields; tautology, time-based blind, and stacked queries don't extract data. Chaining multiple fields fully applies to UNION-based and error-based only; boolean-blind uses just the first field.

Applied to the whole rendered payload as a final transport-layer step — e.g. URL-encoding for a GET parameter. Blacklist checking above applies to the raw SQL, not this final-encoded output.
