I'm not sure if this says more about #php or more about #malicious actors: https://waritschlager.de/sqlinjections-i.. Almost half of the #google results contain a #sqlinjection #vulnerability ... In general, *always* assume all #userinput is complete garbage and cannot be trusted.