Pg_sleep(5)-- - {keyword};select

{KEYWORD}: Likely the intended legitimate input for a search or filter feature.

```javascript
// UNSAFE: Vulnerable to the injection provided
const unsafeQuery = "SELECT * FROM articles WHERE topic = '" + userInput + "'";

// SAFE: Parameterized query
const query = "SELECT * FROM articles WHERE topic = $1";
const values = [userInput];
db.query(query, values, (err, res) => {
  // The database treats $1 strictly as data, even if it contains "SELECT PG_SLEEP(5)"
});
```

{KEYWORD};SELECT PG_SLEEP(5)--

Instead of concatenating strings, use placeholders ($1, $2) to safely handle user input.

The payload attempts to force the database to pause, confirming a vulnerability exists if the server's response is delayed.
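The same timing signal can be used for log triage: a request that carries a pg_sleep call and also took at least that long to answer probably executed, while one that returned quickly was only an attempt. The following is an added example, not code from the original page; the log format, the sample lines and the function names are assumptions made for illustration.

```javascript
// Constructed access-log lines (sample data, not real traffic).
// Assumed format: METHOD PATH?QUERY STATUS RESPONSE_SECONDS
const SAMPLE_LOG = [
  'GET /articles?topic=security 200 0.042',
  'GET /articles?topic=x%3BSELECT%20PG_SLEEP(5)-- 200 5.031',
  'GET /articles?topic=x%3Bselect+pg_sleep%285%29-- 200 0.038',
  'GET /articles?topic=databases 200 6.200',
];

// Matches pg_sleep(<seconds>) in any letter case, tolerating inner whitespace.
const SLEEP_CALL = /pg_sleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)/i;

// URL-decode one parameter value; malformed encodings are kept as-is.
function decodeParam(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch {
    return raw;
  }
}

// Classify one log line as 'clean', 'attempt-only' or 'likely-executed'.
function classifyLine(line) {
  const [, target, , seconds] = line.split(' ');
  const qmark = target.indexOf('?');
  const query = qmark === -1 ? '' : target.slice(qmark + 1);
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    const value = decodeParam(eq === -1 ? pair : pair.slice(eq + 1));
    const match = SLEEP_CALL.exec(value);
    if (!match) continue;
    // The delay only confirms execution if the response took at least
    // as long as the sleep the parameter asked for.
    const delayed = Number(seconds) >= Number(match[1]);
    return { line, verdict: delayed ? 'likely-executed' : 'attempt-only' };
  }
  // A slow response without the payload is not flagged by this check.
  return { line, verdict: 'clean' };
}

function triage(lines) {
  return lines.map(classifyLine);
}
```

A 'likely-executed' verdict points at an endpoint still building SQL by concatenation; 'attempt-only' is what the parameterized form should produce for the same input.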