Description of how Defender works you can find at our site here. Also there is more information about code injections at wikipeida.

All examples below are not real and will not hurt any site. They just show how Defender could block attacks. And also you can use them to test if defender works.

1. uploading script with URLs using holes in other soft:
http://siteurl/?var=http://somesite.com/script.php

script could have any extention, txt, jpg etc. siteurl accordingly your site URL.

2. almost the same with SQL querries:
http//siteurl/?var=SELECT `passw` FROM 'table' WHERE name='admin'

3. same code could be used entering in text forms, fields etc. and if there is whole in component and server adjustements are not optimal there is possibility for injection. Defender block this attacks the same way.

Simply insert double colon separated name of component and value name that JDefender triggered.
For example this link:

The exeption will be looks like:

The exception could be added for PHP and SQL injections only.

Here is regular expressions for,

SQL injection:

PHP injection:

Note: before inserting this options be sure there is no additional hidden char, Also you better turn on only queries in seconds rule for Anti-flood protection until more delicate tunes will require. The value for flood per second should be around 15-30.