Hi!

Basically if you know SQL syntax (like being a web developer) then the queries have a lot of sense, it’s not like “let’s see what happens if I add UNION here”, this injections are based on knowledge. Getting the correct number of columns is guessing indeed.
And it also depends on how the web application works, but yeah, basically you can use a,b,c,d,e instead. And as mentioned in the lecture we are adding our code to the original query by the web application, that’s why the UNION statement is used, to join both queries.

Greetings!
Diego