Possible Duplicate:
How anonymous used UTF-16 ASCII to fool PHP escaping
(Reposted here as per request). A few months ago, anonymous took down a child pornography site using SQL-injection. I read in this article that anonymous claimed that "the server was using hardened PHP with escaping," but they were able to "bypass it with with UTF-16 ASCII encoding." What does that mean Anonymous, exactly? How do I protect my site from a similar attack?
