{keyword}' Union All Select Null,null,null,null,null,null,null,null From Msysaccessobjects-- Udhz Now

Matches the number of columns in the original table. Attackers use NULL to figure out how many columns they need to match without causing a data type error [2, 3].

The best way to stop these attacks is to never "glue" user input directly into your database queries. Instead, use: Matches the number of columns in the original table

Only allow the types of characters you expect (e.g., numbers for an ID field). 5]. How to Prevent It:

Comments out the rest of the original query so it doesn't cause a syntax error [1, 5]. How to Prevent It: Matches the number of columns in the original table