been there again. some genius decided to add a "feature" that allows users to input arbitrary sql queries. great idea, just great. now our db is compromised.