: The database returns a row of empty data. The attacker now knows the table has 6 columns and can proceed to more dangerous injections, such as UNION SELECT username, password, NULL... to steal sensitive information.
: The attacker wants the database to return the results of the original query plus the results of their injected query. : The database returns a row of empty data
: The database executes: SELECT col1, col2, col3, col4, col5, col6 FROM products WHERE name = '' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL--' . such as UNION SELECT username
: For a UNION to work, the second query must have the exact same number of columns as the first query. 3. SELECT NULL,NULL,NULL,NULL,NULL,NULL : The database returns a row of empty data