I've heard stories about SQL Injection for SQL Server...is there any for mySQL? I tried doing it, using the '#' as a comment sign, and it just gave me syntax errors...here is what i typed:

Code:
';" DROP TABLE Test #
But, nothing works...

So, just in case, if it finds these chars:

Code:
#
--
'
;
<
>
It will redirect them back, before it even checks the database...is that good solution? What could smart people do to get around that?