{keyword}' | And (select Chr(100)||chr(85)||chr(102)||chr(83) From Sysibm.sysdummy1)=chr(100)||chr(85)||chr(102)||chr(83) And 'ikjv'='ikjv

CHR(100)||CHR(85)||CHR(102)||CHR(83) translates to the string "dUfS" .The code asks the database: "Does dUfS equal dUfS?" Since this is always true, the database will process the request without an error.

This is a final "always true" statement used to ensure the rest of the original, legitimate SQL query doesn't break the injection. What is the Goal?

If the page loads, the answer is "Yes." If it fails, the answer is "No." By repeating this, they can extract entire databases character by character. How to Prevent This