Characters that cannot be used

June 16, 2010

There are certain characters that cannot be used when creating a reference. They will often create an error message when you attempt to use them.

These characters are apostrophe ( ' ) and ampersand (@).

These characters are reserved in SQL, so a reference that contains them will be interpreted as part of a command.

In general, these characters are used in what is called a “SQL injection attack”. This is where someone types in a single quote, hoping the programmer was not careful enough. This single quote closes the quoted text in the SQL statement, and what follows is interpreted as the next command. So sometimes people do nasty things like add a single quote then type in DELETE DATABASE XYZ. Not nice!

Throughout Time Manager we use only techniques that check for and strip out any such attempt to inject SQL script into the system, so your data is safe.
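The sketch below is an added example, not Time Manager's own code. It shows why an apostrophe in a reference produces an error when the value is pasted into the SQL text, and how stripping the listed characters or passing the value as a bound parameter avoids it. The `jobs` table, the function names and the sample reference are hypothetical, and Python's built-in `sqlite3` stands in for the real database.

```python
import sqlite3

def make_db():
    # Hypothetical schema; the page does not show Time Manager's real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (reference TEXT)")
    return db

def save_concatenated(db, reference):
    """Build the statement by pasting the reference into the SQL text."""
    try:
        db.execute("INSERT INTO jobs (reference) VALUES ('" + reference + "')")
        return "saved"
    except sqlite3.Error as exc:
        # The apostrophe closed the quoted text early, so the rest no longer parses.
        return "error: " + str(exc)

def strip_reserved(reference):
    """The approach the page describes: remove the two characters it lists."""
    return reference.replace("'", "").replace("@", "")

def save_bound(db, reference):
    """Pass the reference as a bound parameter, so it is only ever treated as data."""
    db.execute("INSERT INTO jobs (reference) VALUES (?)", (reference,))
    return "saved"

def stored(db):
    """Return the saved references in insertion order."""
    return [row[0] for row in db.execute("SELECT reference FROM jobs ORDER BY rowid")]

def demo():
    ref = "O'Brien site visit"  # constructed sample reference
    db = make_db()
    results = {
        "concatenated": save_concatenated(db, ref),
        "stripped": save_concatenated(db, strip_reserved(ref)),
        "bound": save_bound(db, ref),
    }
    results["rows"] = stored(db)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Stripping changes what the user typed, while the bound parameter stores the reference exactly as entered.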

