Yeah, the other exploit strings do innocuous stuff like putting up javascript alerts or touching files, but the SQL injection ones aren't innocuous at all. I wonder if there's something better to replace those with. Something like `1'; CREATE TABLE blns ...--` would be more akin to what the shell exploits do.