{keyword} And 8756=(select 8756 From Pg_sleep(5)) -

Treat all user input as "guilty until proven innocent."

Attackers use commands like PG_SLEEP to confirm vulnerabilities when the database doesn't return direct error messages. If the page takes 5 seconds longer to load, they know they’ve found a hole. How to stay safe: {KEYWORD} AND 8756=(SELECT 8756 FROM PG_SLEEP(5))

I was just looking at a classic example of a attack: {KEYWORD} AND 8756=(SELECT 8756 FROM PG_SLEEP(5)) Treat all user input as "guilty until proven innocent