How NOT to protect against SQL injection (view source!) ping.fm/42LGW