{keyword}' Union All Select Null-- Xiuj Apr 2026

Selects NULL values to match the number of columns in the original query. NULL is used because it is compatible with almost all data types.

Combines the results of the original, intended query with the results of a new, malicious query. {KEYWORD}' UNION ALL SELECT NULL-- xIuj

Closes the original input string, allowing the attacker to break out of the intended query structure. Selects NULL values to match the number of

Comments out the rest of the original SQL query, preventing syntax errors caused by the remaining code. Purpose and Techniques SQL injection UNION attacks | Web Security Academy Closes the original input string, allowing the attacker

The query ' UNION ALL SELECT NULL-- is a classic payload used in attacks to determine the structure of a database query. It is used when an application is vulnerable to SQL injection and returns query results directly in its HTTP responses.