SQL injection occurs when user-supplied input is not escaped properly when it is inserted into an SQL ... the character code used was 'C027' in hexadecimal and '11000000 00100111' in binary.