ugh, logged a sql injection vulnerability on our public facing api. who does this, don't people even test for basic security checks anymore?