This is an example from a book I've read, but I don't understand how it works.
A web admin may attempt to block SQL injections by blocking input containing the apostrophe character.
However, an input containing double encoding may be able to defeat the filter.
e.g.: %2527
Why is this so? The book stated that %2527 will become %27 after decoding it. What's the process behind it?
If the filter blocks the apostrophe character, shouldn't %2527 become 27, as %25 represents an apostrophe?
Guidance is appreciated.
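The decoding chain the question asks about, shown as an added example that is not part of the original post. It assumes each decoding stage behaves like Python's urllib.parse.unquote (one URL-decode pass per stage, as a web server and then an application might each perform), and compares a filter that looks at the raw input with one that canonicalizes first.

```python
from urllib.parse import unquote

def decode_trace(raw, max_rounds=5):
    """Return every intermediate form of `raw` as it is URL-decoded
    repeatedly until the value stops changing (a fixed point)."""
    steps = [raw]
    for _ in range(max_rounds):
        nxt = unquote(steps[-1])
        if nxt == steps[-1]:
            break
        steps.append(nxt)
    return steps

def canonicalize(raw):
    """Fully decode the input so the filter sees the same bytes
    the application will eventually operate on."""
    return decode_trace(raw)[-1]

def naive_filter_blocks(raw):
    """Filter that inspects the raw, still-encoded request text."""
    return "'" in raw

def single_decode_filter_blocks(raw):
    """Filter that decodes exactly once (e.g. the web server's pass)."""
    return "'" in unquote(raw)

def canonical_filter_blocks(raw):
    """Filter that decodes to a fixed point before checking."""
    return "'" in canonicalize(raw)

# Constructed sample inputs (not taken from the book or the post).
SAMPLES = ["'", "%27", "%2527"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:10} trace={decode_trace(s)} "
              f"naive={naive_filter_blocks(s)} "
              f"single={single_decode_filter_blocks(s)} "
              f"canonical={canonical_filter_blocks(s)}")
```

The trace for %2527 is %2527 -> %27 -> ', because %25 is the encoding of the percent sign itself, so the first pass only reveals %27; a filter that checks before the second decode never sees the apostrophe.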