Blind SQL Injection

I read an article introducing 'Blind SQL Injection'. I had never heard this word before, but I'll try to show how it works.

The article (in Japanese) is here:
OWASP AppSec USA 2013 Report (Part 1): The Serious Threat of "Blind SQL Injection" (2/2) - @IT

Let's say there is a website with one items table with the columns id, name and price. It also has a web form that takes an id from the user and shows the corresponding item. That is, the website issues a query like this internally:

select name, price from items where id = %id

What happens if the user gives "1 and 1 = 1" instead of just an id? The query becomes this:

select name, price from items where id = 1 and 1 = 1

As you know, "1 = 1" is true, so the user gets item No. 1.

Next, let's say the user gives "1 and 1 = 2". "1 = 2" is obviously false, so the user gets no items on the screen.

Now for the real thing. Consider what happens when the user gives "1 and substring(CURRENT_USER from 1 for 1) = 'a'". The query becomes this:

select name, price from items where id = 1 and substring(CURRENT_USER from 1 for 1) = 'a'

If the current database user's name starts with 'a', the item is shown on the screen; if not, no items are shown. This is the idea of "Blind SQL Injection": an attack that tries to obtain information from the differences between the returned pages. According to the article above, tools that carry out this kind of attack are easy to get.
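
The true/false difference described above, next to one way to remove it. This is an added example, not code from the original post or the cited article. It assumes Python's built-in sqlite3 with constructed rows, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: the items table the post describes.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table items (id integer primary key, name text, price integer)")
    conn.executemany("insert into items values (?, ?, ?)",
                     [(1, "apple", 100), (2, "banana", 80)])
    return conn

def lookup_vulnerable(conn, user_input):
    # The pattern from the post: input pasted into the SQL text,
    # so anything after the id is parsed as part of the WHERE clause.
    sql = "select name, price from items where id = %s" % user_input
    return conn.execute(sql).fetchall()

def lookup_safe(conn, user_input):
    # Mitigation: accept only an integer and pass it as a bound parameter,
    # so the input is always a value and never SQL syntax.
    try:
        item_id = int(user_input)
    except ValueError:
        return []
    sql = "select name, price from items where id = ?"
    return conn.execute(sql, (item_id,)).fetchall()

def responses(lookup, conn):
    # The three inputs from the post's first examples.
    return {text: lookup(conn, text) for text in ("1", "1 and 1 = 1", "1 and 1 = 2")}

if __name__ == "__main__":
    conn = make_db()
    for lookup in (lookup_vulnerable, lookup_safe):
        print(lookup.__name__)
        for text, rows in responses(lookup, conn).items():
            print("  %-14r -> %r" % (text, rows))
```

With the bound parameter, both "1 and 1 = 1" and "1 and 1 = 2" produce the same empty response, so the page no longer differs depending on whether the appended condition is true.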