A web admin may attempt to block SQL injections by blocking input containing the apostrophe character.
However, an input containing double encoding may be able to defeat the filter.
eg : %2527
Why is this so ? The book stated that %2527 will become %27 after decoding it. What's the process behind it ?
Guidance is appreciated.
Edited by Cohensalve, 28 July 2013 - 10:36 AM.