#In a GET request: $ sqlmap -u "http://example.com/?a=1&b=2&c=3" -p "a,b" #In a POST request: $ sqlmap -u "http://example.com/" --data "a=1&b=2&c=3" -p "a,b" --method POST