This is likely a or "signature" used by an automated vulnerability scanner (such as Burp Suite, SQLmap, or Acunetix).
: NULL is used because it is compatible with almost any data type (integers, strings, dates, etc.). This is likely a or "signature" used by
: The database returns a row of empty data. The attacker now knows the table has 6 columns and can proceed to more dangerous injections, such as UNION SELECT username, password, NULL... to steal sensitive information. such as UNION SELECT username