{keyword}' Union All Select Null,null,null,null,null,null,null,null — From Msysaccessobjects-- Udhz

The single quote (') after {keyword} breaks out of the intended data field in a SQL query.

The run of NULL values matches the number of columns in the original table. Attackers use NULL to figure out how many columns they need to match without causing a data type error [2, 3].

Msysaccessobjects is a system table in Access that contains information about database objects. If the query succeeds, the attacker can see whether they have access to system metadata [1, 4].

The trailing -- comments out the rest of the original query so it doesn't cause a syntax error [1, 5].

How to Prevent It:

The best way to stop these attacks is to never "glue" user input directly into your database queries. Instead, use:

This is the gold standard. It treats user input as literal text, not executable code [6].

Sources: [1] microsoft.com [2] portswigger.net [3] geeksforgeeks.org [4] sqlinjection.net [5] owasp.org [6] owasp.org
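An added example, not from the original page: the text after "Instead, use:" does not name the technique, so this sketch assumes it means parameterized queries, which fit the description of treating input as literal text. SQLite stands in for Access so it runs offline; the products table, the stand-in Msysaccessobjects table and all function names are constructed for illustration.

```python
import sqlite3

def build_db():
    # Constructed stand-in schema: SQLite replaces Access so this runs offline.
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"c{i} TEXT" for i in range(1, 9))  # 8 columns, as the payload assumes
    db.execute(f"CREATE TABLE products ({cols})")
    db.execute("INSERT INTO products VALUES ('widget','a','b','c','d','e','f','g')")
    db.execute("CREATE TABLE Msysaccessobjects (Data TEXT, ID INTEGER)")  # stand-in, not the real table
    db.execute("INSERT INTO Msysaccessobjects VALUES ('meta', 1)")
    return db

# The page's payload with {keyword} filled in by a constructed value.
PAYLOAD = ("widget' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL "
           "FROM Msysaccessobjects-- Udhz")

def search_concatenated(db, keyword):
    # Vulnerable pattern: the input is glued into the SQL text.
    sql = "SELECT * FROM products WHERE c1 = '" + keyword + "' ORDER BY c1"
    return db.execute(sql).fetchall()

def search_parameterized(db, keyword):
    # Hardened pattern: the driver binds keyword as a value, never as SQL.
    sql = "SELECT * FROM products WHERE c1 = ? ORDER BY c1"
    return db.execute(sql, (keyword,)).fetchall()

def outcome(search, db, keyword):
    # Row count on success, or the exception name when the database rejects the SQL.
    try:
        return len(search(db, keyword))
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = build_db()
    cases = {
        "page payload": PAYLOAD,
        "one NULL short": PAYLOAD.replace("NULL,", "", 1),
        "no trailing comment": PAYLOAD.replace("-- Udhz", ""),
        "benign keyword": "widget",
    }
    for name, value in cases.items():
        print(f"{name:20} concatenated={outcome(search_concatenated, db, value)!s:17}"
              f" parameterized={outcome(search_parameterized, db, value)}")
```

With concatenation, the column count and the trailing comment decide whether the database raises an error or returns an extra all-NULL row; with a bound parameter every variant is just a keyword that matches nothing.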
