xkcd on SQL injection

This joke is priceless ...

If they had used db_query() with %d or %s, this would not have happened. 
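What that looks like in practice, as an added example that is not code from the comic or from the original post. It assumes the Drupal 6-era `db_query()` API with its `%d` and `'%s'` placeholders, a bootstrapped Drupal site, and a hypothetical `{students}` table; the function names are made up for illustration.

```php
<?php
// Added example. Assumes a bootstrapped Drupal 6 site and a hypothetical
// {students} table with columns sid (int) and name (varchar).

// Vulnerable: the value is pasted into the SQL text, so a quote character
// in $name ends the string literal and the rest is parsed as SQL.
function example_find_student_unsafe($name) {
  return db_query("SELECT sid, name FROM {students} WHERE name = '" . $name . "'");
}

// Fixed: the argument for '%s' is escaped by db_query() for the active
// database before substitution, so it always stays inside the literal.
function example_find_student($name) {
  return db_query("SELECT sid, name FROM {students} WHERE name = '%s'", $name);
}

// Fixed: %d casts the argument to an integer, so non-numeric input
// cannot add SQL to the statement.
function example_load_student($sid) {
  $result = db_query("SELECT sid, name FROM {students} WHERE sid = %d", $sid);
  return db_fetch_object($result);
}

// Constructed input: a legitimate name that contains a quote. The unsafe
// version fails with a SQL syntax error on it; the placeholder version
// simply matches the row.
$result = example_find_student("O'Brien");
while ($row = db_fetch_object($result)) {
  print check_plain($row->name) . "\n";
}
```

Note that `%s` has to sit inside quotes in the query string; the placeholder escapes the value but does not add the quotes itself.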
