damn it happened again. some genius "dev" didn't validate user input on a form field and now we're dealing with a sql injection vulnerability. never. trust. user. input