mfazliazran / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0

pattern analysis for SQL Injection not very clear - please elaborate #126

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Regarding SQL Injection, I could check in your blog that

'when testing for string-based SQL injection, we compare the results of passing '"original_value, \'\"original_value, and \\'\\"original_value. When the first response is similar to the third one, but different from the second one - we can, with a pretty high confidence, say that there is an underlying query injection vulnerability (even if query results can't be observed directly).'

Can you please elaborate on this a little more?

Note: before submitting, check:
http://code.google.com/p/skipfish/wiki/KnownIssues

Original issue reported on code.google.com by ssvkames...@gmail.com on 17 Aug 2011 at 6:09

GoogleCodeExporter commented 8 years ago
Please don't file questions as bugs. The design of SQL checks should be fairly evident from the various accompanying documentation, and is essentially aimed to check if the first and last response resulted in a potential syntax error, while the middle one went through OK.

Original comment by lcam...@gmail.com on 17 Aug 2011 at 6:19
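The three-probe comparison described in the two comments above, worked through as an added example (constructed for this page; it is not skipfish's own code). It models a MySQL-style string-literal lexer in a few lines (a simplifying assumption: real database servers differ in their escape rules), runs the three probe values against a handler that concatenates input into the SQL text and against one that binds it as a parameter, and applies the stated rule: first and third responses alike, second one different. A third handler that rejects every quoted input shows why all three probes are needed: identical responses to all of them say nothing about the query.

```python
"""Model of skipfish's three-probe string SQL injection check (constructed example)."""

ORIGINAL = "original_value"

# The three probe values quoted in the issue, derived from the original value.
PROBES = {
    "raw_quotes": "'\"" + ORIGINAL,                 # '"original_value
    "escaped_quotes": "\\'\\\"" + ORIGINAL,         # \'\"original_value
    "escaped_backslashes": "\\\\'\\\\\"" + ORIGINAL,  # \\'\\"original_value
}


class SqlSyntaxError(Exception):
    """Raised by the toy lexer where a real server would return a syntax error."""


def check_quoting(sql):
    """Simplified MySQL-style lexing of string literals (assumption, not a full parser).

    Inside a literal, a backslash escapes the next character and a doubled quote is
    an escaped quote. An unterminated literal, or a backslash outside any literal,
    counts as a syntax error. Everything else is ignored.
    """
    quote = None  # the quote character of the literal we are inside, if any
    i = 0
    while i < len(sql):
        c = sql[i]
        if quote is None:
            if c in "'\"":
                quote = c
            elif c == "\\":
                raise SqlSyntaxError("unexpected backslash at offset %d" % i)
        elif c == "\\":
            i += 1  # escaped character: skip it whatever it is
        elif c == quote:
            if i + 1 < len(sql) and sql[i + 1] == quote:
                i += 1  # doubled quote inside the literal: an escaped quote
            else:
                quote = None  # literal closed
        i += 1
    if quote is not None:
        raise SqlSyntaxError("unterminated string literal")


def vulnerable_handler(value):
    """Builds the query by string concatenation: the defect the check is designed to find."""
    sql = "SELECT id FROM users WHERE name = '" + value + "'"
    try:
        check_quoting(sql)
        return (200, "0 results")
    except SqlSyntaxError as exc:
        return (500, "SQL syntax error: " + str(exc))


def hardened_handler(value):
    """Parameterized query: the SQL text is constant and the value is bound separately."""
    sql = "SELECT id FROM users WHERE name = ?"
    check_quoting(sql)  # always valid; `value` is never lexed as SQL
    return (200, "0 results")


def strict_validator_handler(value):
    """Rejects any quoted input before it reaches the database (a third behaviour)."""
    if "'" in value or '"' in value:
        return (400, "invalid characters in name")
    return hardened_handler(value)


def fingerprint(response):
    """Coarse 'similarity' of two responses: here just the status code.
    skipfish uses a fuzzier page comparison; the status code is enough for the model."""
    return response[0]


def looks_like_string_injection(handler):
    """The rule from the blog quote: first ~ third, and first != second."""
    first = fingerprint(handler(PROBES["raw_quotes"]))
    second = fingerprint(handler(PROBES["escaped_quotes"]))
    third = fingerprint(handler(PROBES["escaped_backslashes"]))
    return first == third and first != second


if __name__ == "__main__":
    for name, handler in [("concatenated", vulnerable_handler),
                          ("parameterized", hardened_handler),
                          ("strict validator", strict_validator_handler)]:
        print("%-16s flagged=%s" % (name, looks_like_string_injection(handler)))
```

Only the concatenating handler is flagged: the raw quotes break the literal, the backslash-escaped quotes survive inside it, and the doubled backslashes cancel the escape so the quote breaks it again. The parameterized handler answers all three probes the same way, and so does the validator, which is why a single "does a quote cause an error" probe would not be a useful signal on its own.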

GoogleCodeExporter commented 8 years ago
Is there any documentation available to help us understand the issue type overview (categories and memos) such as the ones shown below:

    undefined (2)
        Memo: response to -2^31 different than to -12345
        Memo: response to %dn%dn%dn... different than to %nd%nd%nd...
        Memo: response suggests arithmetic evaluation on server side
        Memo: responses to `true` and `false` different than to `uname`
        Memo: responses for <sfish></sfish> and </sfish><sfish> look different
        Memo: text/plain
    Directory listing restrictions bypassed (5)
        Memo: unique response for /./

Original comment by ssvkames...@gmail.com on 18 Aug 2011 at 6:53