|Main Archive Page > Month Archives > full-disclosure-uk archives|
Dear Brian Eaton,
--Monday, May 21, 2007, 6:22:21 PM, you wrote to firstname.lastname@example.org:
BE> If the SQL engine is processing queries in ASCII or ISO-8859-1, the BE> conversion from unicode to the code page used by the engine will fail. BE> Either the engine will give up on the query, or it might substitute a BE> question mark (?) for the unconvertible character.
It's not true, because it's quite convertible character. At least for IIS:
where test.asp is
BTW: It may be used to bypass keyword based filtering to create, e.g. porn pages available through any corporate firewall. See