7. Execute some SQL Injection (select top 1 name from sysobjects where xtype=‘u’): ‘ Grab the first table name off of the user defined tables’ The result from this will be a string with a value of ‘dtproperties’. This is the first table name Convert(int,’output of select statement’): This will attempt to convert the tablename which is a string to an integer which will fail and cause a nice error message stating what failed from the database server.