If errors are handled gracefully and the application shows only generic messages instead of verbose ones, there won't be any difference in the application's response. In that case we can test for SQLi by triggering time delays depending on whether an injected condition is true or false.
SQL queries are processed synchronously, so delaying the execution of a query also delays the HTTP response. The truth of the injected condition can therefore be determined from the time taken to receive the HTTP response.
The techniques for triggering a time delay are specific to the database in use.
Microsoft SQL Server:
'; IF (1=2) WAITFOR DELAY '0:0:10'--
will not trigger a delay, since 1=2 is false.
'; IF (1=1) WAITFOR DELAY '0:0:10'--
will trigger a 10-second delay, since 1=1 is true.
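
The same behaviour seen from the defender's side, as an added example that is not part of the original notes: Python that scans web access log lines for delay primitives and separates plain attempts from requests whose response time matches the requested delay (a sign the injected statement actually ran). The log format, the /item and /search paths, and the MySQL and PostgreSQL patterns are assumptions of this example; only the SQL Server payloads come from the notes above.

```python
import re
from urllib.parse import unquote_plus

# Delay primitives per database engine. The notes show only the SQL Server
# form; the MySQL and PostgreSQL patterns are added for this example.
DELAY_PATTERNS = {
    "mssql": re.compile(r"waitfor\s+delay\s+'(\d+):(\d+):(\d+)'", re.I),
    "mysql": re.compile(r"\bsleep\s*\(\s*(\d+)\s*\)", re.I),
    "postgresql": re.compile(r"\bpg_sleep\s*\(\s*(\d+)\s*\)", re.I),
}

# Constructed sample lines: method, URL, status, response time in seconds.
SAMPLE_LOG = """\
GET /item?id=7 200 0.041
GET /item?id=7%27%3B%20IF%20(1%3D2)%20WAITFOR%20DELAY%20%270%3A0%3A10%27-- 200 0.052
GET /item?id=7%27%3B%20IF%20(1%3D1)%20WAITFOR%20DELAY%20%270%3A0%3A10%27-- 200 10.047
GET /search?q=how+to+sleep+better 200 0.120
""".splitlines()

def requested_delay(url):
    """Return (engine, seconds) if the decoded URL carries a delay primitive."""
    decoded = unquote_plus(unquote_plus(url))  # undo single and double encoding
    for engine, pattern in DELAY_PATTERNS.items():
        m = pattern.search(decoded)
        if m:
            parts = [int(g) for g in m.groups()]
            if len(parts) == 3:                # h:m:s form used by WAITFOR DELAY
                return engine, parts[0] * 3600 + parts[1] * 60 + parts[2]
            return engine, parts[0]
    return None

def scan(lines):
    """Flag requests carrying a delay payload. 'delay-confirmed' means the
    response took at least as long as the delay the payload asked for."""
    findings = []
    for line in lines:
        _method, url, _status, elapsed = line.split()
        hit = requested_delay(url)
        if hit is None:
            continue
        engine, secs = hit
        confirmed = secs > 0 and float(elapsed) >= secs
        findings.append((url.split("?")[0], engine, secs,
                         "delay-confirmed" if confirmed else "attempt"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "delay-confirmed" finding deserves priority in triage, because it indicates the parameter is concatenated into a query rather than bound as a parameter.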