{keyword} Union All Select Null,null,null-- Djgp -

They use "NULL" to figure out exactly how many columns your database table has without triggering a data-type error.

If you expect a zip code, don't accept a string that starts with UNION.

Instead of building strings, use prepared statements. This treats input as "data" rather than "executable code."