{keyword}' Union All Select Null,null,null,null,null,null,null,null From Msysaccessobjects-- Udhz [ 4K ]

Sources:[1] microsoft.com[2] portswigger.net[3] geeksforgeeks.org[4] sqlinjection.net[5] owasp.org[6] owasp.org

This is the gold standard. It treats user input as literal text, not executable code [6]. Sources:[1] microsoft

These can often detect and block common patterns like UNION ALL SELECT before they reach your server. Sources:[1] microsoft