{keyword} Union All Select - Null,null,null,null,null,null,null-- Pvwz

Null,null,null,null,null,null,null: The attacker uses NULL values to figure out exactly how many columns the original table has. If the number of NULLs doesn't match the original column count, the database usually throws an error.

--: This is a comment operator in SQL. It tells the database to ignore the rest of the original query, preventing errors from trailing code.

How to Prevent This

Example (Python/psycopg2): cursor.execute("SELECT * FROM users WHERE name = %s", (user_input,))

Ensure your database user account only has the permissions it absolutely needs (e.g., a web app shouldn't have permission to drop tables).
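The parameterized query and the column-count error described above, shown side by side as an added example (not code from the original page). It assumes Python's built-in sqlite3 as an offline stand-in for psycopg2/PostgreSQL; the table, the sample rows, the function names and the quote-terminated prefix filling the title's "{keyword}" slot are all constructed for illustration.

```python
import sqlite3

# Constructed input: the page's payload with "{keyword}" replaced by a
# quote-terminated value (an assumption about how the template is filled).
PROBE = "x' Union All Select Null,null,null,null,null,null,null-- Pvwz"


def make_db():
    """In-memory stand-in for the app database (3-column users table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("O'Brien", "ob@example.test")],
    )
    return conn


def lookup_concat(conn, user_input):
    """'Before' form: input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT * FROM users WHERE name = '" + user_input + "'"
    try:
        return ("rows", conn.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Column-count mismatches and broken quoting surface here; these
        # errors are worth logging and alerting on.
        return ("error", str(exc))


def lookup_param(conn, user_input):
    """Hardened form: input is bound as a value and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE name = ?"  # psycopg2 uses %s here
    return ("rows", conn.execute(sql, (user_input,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "O'Brien", PROBE):
        print(repr(value))
        print("  concatenated :", lookup_concat(db, value))
        print("  parameterized:", lookup_param(db, value))
```

With concatenation, the seven NULLs against a three-column table produce the database error the text describes, and a legitimate name containing an apostrophe breaks as well; with binding, both inputs are compared as plain strings.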
