The concat(floor(rand(0)*2),0x3a,( roughly does the same... the result would be something like 1:aUserName:UsersPassword... further help please give some more details (RDBMS, the part before the "union".. http://-the-index-luke.com /sql/where-clause/bind-parameters. THEN in an SQL SELECT? mysql> select concat(user,0x3a,password,0x3a,host) from mysql.user limit 0,1;. concat(user,0x3a,password,0x3a,host) will be something like. delay. in that way the attacker can obtain 1 bit of information per request.. The SQL is trying to read user data from the My-Sql user table which. 4,10321743. . plug-ins with easy to exploit holes and you can then the search engines to find these vulnerable systems on a very large network quickly.