{keyword}' Union All Select Null,null,null,null,null,null,null,null From Msysaccessobjects-- Udhz May 2026

These can often detect and block common patterns like UNION ALL SELECT before they reach your server.

Only allow the types of characters you expect (e.g., numbers for an ID field). These can often detect and block common patterns

Appends a new set of results to the original query [2, 5]. These can often detect and block common patterns

Matches the number of columns in the original table. Attackers use NULL to figure out how many columns they need to match without causing a data type error [2, 3]. These can often detect and block common patterns

Breaks out of the intended data field in a SQL query.

A system table in Access that contains information about database objects. If successful, the attacker can see if they have access to system metadata [1, 4].