Well, not really...it wasn't my code. But, I'd never actually seen a SQL injection before.
The culprit? A page that pulls management bios from a database and displays them.
Moral of the story? Don't embed form variables (or URL variables) directly in your SQL queries without first verifying them!
The culprit? A page that pulls management bios from a database and displays them.
Moral of the story? Don't embed form variables (or URL variables) directly in your SQL queries without first verifying them!