Well, some people do really get clueless sometimes; I was delighted when I first implemented a search box on my site, and it wasn't until very recently that I discovered a huge flaw in it. Here's what I've been using as code:
my $node = param('node');
if ($node) {
    my $ref = chady::db::runSQL("SELECT * FROM nodes WHERE title REGEXP \"$node\" OR contents REGEXP \"$node\" ");
    ...
    ..
This was a case of production code that got published without review... what's scarier is that some people test and review, are aware of what they are doing, and still do it.
He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life.
Chady | http://chady.net/
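
The search in the post above builds its SQL by interpolating param('node') into the statement text. As an added example (not the poster's code and not chady::db::runSQL), here is the same nodes(title, contents) search with the input bound through DBI placeholders and escaped with quotemeta. It assumes DBI with DBD::SQLite, whose built-in REGEXP uses Perl regexes, as a stand-in for the site's database; search_nodes and the sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for the site's database: in-memory SQLite with the
# nodes(title, contents) columns named in the post. DBD::SQLite registers a
# REGEXP implementation backed by Perl regular expressions.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE nodes (title TEXT, contents TEXT)');
my $ins = $dbh->prepare('INSERT INTO nodes (title, contents) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'Search box', 'How the "node" parameter is used' ],
    [ 'Guestbook',  'Say hello' ],
    [ 'C++ notes',  'Templates and friends' ],
);

# search_nodes is a hypothetical helper (assumption), shown in place of the
# string-interpolated query from the post.
sub search_nodes {
    my ($dbh, $node) = @_;
    return [] unless defined $node && length $node;
    return [] if length($node) > 100;    # arbitrary cap; tune for the site

    # quotemeta turns the input into a literal pattern, so regex
    # metacharacters such as "+" are matched as text instead of failing
    # or being interpreted. The ? placeholders keep the value out of the
    # SQL text, so quotes in it cannot alter the statement.
    my $pattern = quotemeta $node;
    my $sth = $dbh->prepare(
        'SELECT title, contents FROM nodes
          WHERE title REGEXP ? OR contents REGEXP ?');
    $sth->execute($pattern, $pattern);
    return $sth->fetchall_arrayref({});
}

# Constructed inputs: a plain word, a value containing double quotes, and a
# value that is not a valid regex unless escaped.
for my $input ('hello', '"node"', 'C++') {
    my $rows = search_nodes($dbh, $input);
    printf "%-8s -> %d row(s): %s\n", $input, scalar @$rows,
        join(', ', map { $_->{title} } @$rows);
}
```

If users are meant to type real regular expressions, drop the quotemeta call but keep the placeholders and the length cap, and handle the database error raised for an invalid pattern.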