Like XSS, but nasty stuff is intended for your server or database

Different set of code/data delimiters:

Database escapes and wildcard characters

Shell escapes, wildcards, and metacharacters