{keyword}') Union All Select Null,null,null,null,null,null,null-- Hofz Instant

: The attacker uses NULL values to figure out how many columns are in the original database table. If the number of NULL s doesn't match the number of columns in the original query, the database will return an error.

If you found this in your website's logs, it means someone (or an automated bot) was . It is a common sign of a "SQLi" attack. To protect your application, you should: : The attacker uses NULL values to figure

Are you seeing this in your , or are you testing the security of your own code ? It is a common sign of a "SQLi" attack

: Use parameterized queries so that user input is never executed as code. : Ensure all data entered by users is

: Ensure all data entered by users is cleaned and validated before it hits your database.

: A WAF can often block these types of patterned attacks automatically.