-9108 — Union All Select 34,34#

This is a textbook SQL Injection test. The attacker is trying to see if they can manipulate your database output. If you see "34" pop up where a username or product should be, you’ve got a vulnerability.

If your app can be tricked by a string like -9108 UNION ALL SELECT 34,34# , your database is wide open. This snippet tests if a query's column count matches the injection (in this case, 2 columns). -9108: Invalidates the primary query. UNION ALL: Merges a second result set. SELECT 34,34: The "dummy" data being retrieved. #: The comment character that kills the trailing SQL. Check your inputs today at OWASP SQL Injection Guide . #CodingTips #Backend #SQL #DatabaseSecurity Option 3: Short & Punchy (Social Media/X) -9108 UNION ALL SELECT 34,34#

In a real-world scenario, attackers use this to "force" the database to return their own data alongside legitimate query results. The -9108 is often an intentionally invalid ID meant to clear the "real" results so that only the injected 34,34 appears in the output. This is a textbook SQL Injection test