After troubleshooting an upgrade, I discovered the difficulty was caused by icms_core_DataFilter::addSlashes not having any default characters for addcslashes() to produce the same output as addslashes() would - it escapes single quote, double quote, backslash, and NUL.

What happened was Protector would stop the save and say it detected an SQL injection. With Protector disabled, I was able to save, but several records weren't updated, because SQL complained about the syntax. The content being saved had a single quote in it. I also encountered some characters being converted.