{keyword}) Union All Select Null,null,null,null,null,null# May 2026

If this payload successfully returns a blank page instead of an error, it confirms to a tester that the application is vulnerable. From there, they can replace the NULL s with commands to extract sensitive data, such as: Usernames and passwords. Database version and configuration details. The entire contents of specific tables. How to Prevent It

: Only allow expected characters and formats. {KEYWORD}) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL#

: This part attempts to "break out" of the existing SQL command. The closing parenthesis ) is used to close a function or a nested query that the developer originally intended. If this payload successfully returns a blank page

: In MySQL, the hash symbol marks the rest of the line as a comment . This effectively deletes any remaining parts of the original developer's code (like a trailing WHERE clause or a closing quote) that would otherwise cause a syntax error. Why This Matters The entire contents of specific tables

To protect your application from this type of attack, you should avoid building queries using simple string concatenation. Instead, use:

: This is a common reconnaissance technique. An attacker uses NULL values to determine the exact number of columns returned by the original query. If the number of NULL s doesn't match the original column count, the database will usually throw an error. By adding or removing NULL s, an attacker can find the correct structure.