Mega'and(select*from(select Sleep(2))a/**/union/**/select 1)='

If the website takes exactly 2 seconds longer than usual to load, the attacker knows the site is vulnerable to SQL injection. With such a flaw, an attacker may be able to log in as an administrator without a password.

To protect an application from this specific type of attack, developers should follow these best practices:

: Only allow expected characters. For example, if a field is for a username, don't allow special characters like ', (, or *.
: Ensure the database user account used by the web app only has the minimum permissions necessary (e.g., it shouldn't be able to drop tables or shut down the database).
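The following is an added example, not code from the page, showing the two forms of the username lookup side by side: the string-concatenated query that lets the probe above reach the SQL parser, and the hardened version that combines an allow-list check with a bound parameter. It uses an in-memory SQLite table constructed here as a stand-in for the web app's database; the table name, columns and allow-list regex are assumptions.

```python
import re
import sqlite3

# Constructed in-memory database standing in for the web app's user table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
conn.execute("INSERT INTO users VALUES ('Mega', 1), ('alice', 0)")

# The time-based probe quoted on the page.
PAYLOAD = "Mega'and(select*from(select Sleep(2))a/**/union/**/select 1)='"

# Allow-list for a username field (assumed policy): letters, digits, underscore.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def validate_username(value: str) -> bool:
    """Allow-list check, so characters such as ' ( * and / never reach SQL."""
    return USERNAME_RE.fullmatch(value) is not None


def lookup_vulnerable(username: str):
    """Unsafe: the input is pasted into the statement, so the quote closes the literal
    and everything after it is parsed as SQL."""
    sql = "SELECT name, is_admin FROM users WHERE name='" + username + "'"
    return conn.execute(sql).fetchone()


def lookup_parameterised(username: str):
    """Safe: the driver binds the value, so the whole payload is compared as one string."""
    return conn.execute(
        "SELECT name, is_admin FROM users WHERE name=?", (username,)
    ).fetchone()


def payload_reaches_parser() -> bool:
    """True if the probe was executed as SQL. SQLite has no Sleep() function, so the
    engine rejects the injected statement instead of pausing; the error itself proves
    the user input was interpreted as code."""
    try:
        lookup_vulnerable(PAYLOAD)
        return False
    except sqlite3.OperationalError:
        return True
```

A real MySQL backend would pause for two seconds instead of raising, which is exactly the timing signal described above; the parameterised lookup simply returns no row.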