{keyword}');select Pg_sleep(5)-- May 2026

: This closes the original SQL function and terminates the statement.

The string is a classic example of a SQL injection (SQLi) payload designed for Time-Based Blind SQL injection . 🛠️ Anatomy of the Payload {KEYWORD}');SELECT PG_SLEEP(5)--

: Ensure the database user for the web app cannot execute administrative commands like PG_SLEEP . : This closes the original SQL function and

If the page takes (or more) to load, you have confirmed a PostgreSQL Injection vulnerability . 🛡️ How to Fix It If the page takes (or more) to load,

: This is the "gold standard." It treats all input as data, never as executable code.

This specific string is used to test if a database is vulnerable to "blind" attacks, where the server doesn't return data directly but its response time reveals information.

Security professionals use this to confirm a vulnerability exists without damaging data.