we have restricted the use of the following characters to avoid SQL injections:

-- , ; , OR , AND , LIKE , = , < , > , union