Head to the SQL Injection section in the DVWA
Check for the database with a ‘
Enter User ID as 1 to see how the database work.
Send the request to burpsuite.
Clear the payload and add the id= input.
I use the SQL payload list from here
Observe the payload with the different payload length.
Try out the successful payloads.