Blind SQL injection is similar to normal SQL Injection, the only difference is the way the data is retrieved from the database. When the database does not output data to the web page, as seen in error-based and union-based SQLi, an attacker is forced to steal data by asking the database a series of true or false questions. This makes exploiting the SQL Injection vulnerability more difficult, but not impossible.