The symbols I should be aware of for SQL injection

Question

I know that you cure all of the stuff with mysql_real_escape_string() (and with htmlspecialchars()), but I want to know the symbols that cause all this

Answer 1

From the PHP Manual:

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.