I'm working with injections and the tricks behind them, so I came across the way of commenting MySQL queries with #.
As we all know about using named anchors in HTML, in this case of injecting into a URL, # works like an HTML named anchor and isn't harmful for running the query.
The question is why this happens and why PHP doesn't include # as the rest of the input directly? (e.g. ?id=2547#)
Hashes are handled locally by the browser, not sent to the server. E.g. if you write a URL
http://yourdomain.com/script.php?param=foo#id=1234#
the browser just sends GET /script.php?param=foo to the server. When the response comes back, it searches for the id=1234 anchor in the HTML and scrolls down to it.
If you want to send the comment to the server, it needs to be percent-encoded:
http://yourdomain.com/script.php?param=foo%23id=1234%23
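
The behaviour described in the answer, as an added example that is not part of the original post: it uses the standard WHATWG URL class (global in Node.js and browsers) to split a URL into the request target the client sends and the fragment it keeps, then decodes the query the way a server-side parser would. The helper names `whatServerSees` and `isNumericId` are hypothetical, and the digits-only check is an assumed server-side validation for a numeric `id` parameter.

```javascript
// Added example: which part of a URL goes on the wire, and what the
// server-side query parser hands to the script after percent-decoding.

// Hypothetical helper, not from the original answer.
function whatServerSees(urlString) {
  const url = new URL(urlString);
  // The HTTP request line carries only path + query. Everything from the
  // first raw '#' onward is the fragment and stays in the client.
  const requestTarget = url.pathname + url.search;
  // Query values are percent-decoded before the script sees them,
  // so %23 arrives as a literal '#'.
  const params = Object.fromEntries(url.searchParams.entries());
  return { requestTarget, params, clientOnlyFragment: url.hash };
}

// Hypothetical server-side check (an assumption, not from the page):
// a numeric id parameter must consist of digits only.
function isNumericId(value) {
  return typeof value === "string" && /^[0-9]+$/.test(value);
}

// Constructed sample URLs, based on the ones quoted in the question and answer.
const samples = [
  "http://yourdomain.com/script.php?param=foo#id=1234#",
  "http://yourdomain.com/script.php?param=foo%23id=1234%23",
  "http://yourdomain.com/script.php?id=2547#",
  "http://yourdomain.com/script.php?id=2547%23",
];

for (const sample of samples) {
  const seen = whatServerSees(sample);
  console.log(sample);
  console.log("  request target :", seen.requestTarget);
  console.log("  decoded params :", JSON.stringify(seen.params));
  console.log("  kept by client :", JSON.stringify(seen.clientOnlyFragment));
  if ("id" in seen.params) {
    console.log("  id is numeric  :", isNumericId(seen.params.id));
  }
}
```
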