Apache Mod Security SQL Injections and Variable Names

We recently upgraded our server which was running a higher version of apache Mod Security. One of my jQuery edit in line HTTP POST requests was suddenly returning a 406 Not Acceptable error which was pretty annoying.

It was because I was using a variable called type=varChar which was used to define what sort of data was being sent. Apache Mod Security was flagging this as:

[vb]
[msg "SQL Injection Attack"] [data "varchar"]
[/vb]

So I changed all occurences of varChar to vc which has now fixed the issue.

Will remember in future to never use variable names like that again.