In order to bypass this security mechanism, SQL code has to be injected on to the input fields. However a security mechanism employed on the web page restricts from putting any special characters on the input. One of the easiest method bypass this security mechanism is to craft the POST requests, bypassing the client side security. This can be done using Mantra (Hackbar, Tamper Data, Live HTTP Headers, Chickenfoot etc.) or some man in the middle proxy like ZAP.