Ridoy pointed to a page showing an example of such an attack. But the example could be a little cryptic for someone who does not understand the background.
The hacker starts with adding a " UNION SELECT ALL 1--". When you do a UNION query, both SELECT statements of the query must have the same number of columns.
That is, the hacker expects a query like
SELECT some columns
FROM ATable
WHERE AColumn=
and then the value from the query string is just appended. Hence that would result in
SELECT some columns
FROM ATable
WHERE AColumn=1 UNION SELECT ALL 1
The query causes the error message you show in your comment to Ridoy's answer when the original query selects more than one column. Then the hacker adds more "columns" to his UNION statement, until no error is shown: then he knows the number of columns selected.
You may test your SQL injection skills with a page discussed in the Hall of Shame:
Alcatraz ~ the tourist website. They seem to have many columns, so the SQL error attack shown on another page of Evil SQL is more productive.
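
Added example (not part of the original answer): the concatenated query described above next to a parameterized one, run against an in-memory SQLite database. The three-column table layout and the function names are assumptions for illustration; ATable and AColumn follow the placeholders in the answer, and SQLite's error wording differs from other database servers.

```python
import sqlite3

# Constructed sample data; ATable/AColumn follow the placeholder names in the answer.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ATable (AColumn INTEGER, Name TEXT, Price REAL)")
    db.execute("INSERT INTO ATable VALUES (1, 'ticket', 9.5)")
    return db

def lookup_concatenated(db, value):
    """Vulnerable pattern: the query-string value is appended to the SQL text."""
    sql = "SELECT AColumn, Name, Price FROM ATable WHERE AColumn=" + value
    try:
        return db.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # Handing the message back mirrors a page that shows database errors
        # to the visitor; a hardened page would log it and show a generic error.
        return None, str(exc)

def lookup_parameterized(db, value):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    sql = "SELECT AColumn, Name, Price FROM ATable WHERE AColumn = ?"
    return db.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "1 UNION SELECT ALL 1--"  # the string quoted in the answer
    print(lookup_concatenated(db, "1"))     # normal lookup: one row
    print(lookup_concatenated(db, probe))   # column-count mismatch error
    print(lookup_parameterized(db, "1"))    # same row as the normal lookup
    print(lookup_parameterized(db, probe))  # treated as a value: no rows
```

With the bound parameter the UNION text never reaches the SQL parser, so there is no column-count error for the visitor to observe.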