can't believe this is still happening - a developer just introduced a sql injection vulnerability because they copy/pasted a script from stack overflow without understanding hte context.