If the page loads normally, the attacker knows the database is expecting 6 columns.
: The database executes: SELECT col1, col2, col3, col4, col5, col6 FROM products WHERE name = '' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL--' . If the page loads normally, the attacker knows
: The database returns a row of empty data. The attacker now knows the table has 6 columns and can proceed to more dangerous injections, such as UNION SELECT username, password, NULL... to steal sensitive information. The attacker now knows the table has 6
This is a SQL operator used to combine the result sets of two or more SELECT statements into a single result set. : Any code that was supposed to follow
: Any code that was supposed to follow the input (like a closing quote or a WHERE clause) is ignored by the database, preventing syntax errors that would break the injection. 5. GoJB
: NULL is used because it is compatible with almost any data type (integers, strings, dates, etc.).
If the page returns an error (like "The used SELECT statements have a different number of columns"), the attacker will try again with five or seven NULL values until the error disappears. 4. -- (The Comment) In SQL, double-dashes signify the start of a comment.