1234' and account=NULL; -- For mysql, there must be white space after --. You are identified as name userid. – We know account is a valid field name, because. 1234' and acct=NULL; --Unknown column 'acct' in 'where clause'. – Gives a different message. Introduction. Some Attack Strings.