@wmd@chaos.social Definitely, even computer science at university would give high grades to code littered with SQL injections.
But this is a project that uses prepared statements everywhere else, except for a critical lookup with sort-of user-supplied data...
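As an added illustration of the pattern described in the post (not code from the project being discussed, whose name is not given here): the one lookup that builds its SQL by string formatting next to the parameterized form the rest of such a codebase would use. The table, column names, token values and the `lookup_concat`/`lookup_prepared` function names are all constructed for this example; the "sort-of user-supplied" value is modelled as a string that reached the lookup through an intermediate step, which is exactly why it tends to be trusted.

```python
import sqlite3

# Constructed sample schema and rows for the example; not the project's data.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, api_token TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, api_token) VALUES (?, ?)",
        [("alice", "tok-alice"), ("bob", "tok-bob")],
    )
    return conn

def lookup_concat(conn, username):
    # The vulnerable pattern: the value is spliced into the SQL text, so any
    # quote character in it changes the query structure rather than the data.
    sql = f"SELECT username, api_token FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, username):
    # The hardened pattern: the SQL text is fixed and the value is bound as a
    # parameter, so the driver never lets it be parsed as SQL.
    sql = "SELECT username, api_token FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# A value that is only "sort of" user-supplied: assume (hypothetically) it was
# copied from a request header into a session record and later read back for
# the lookup. The indirection does not make it trustworthy.
INDIRECT_VALUE = "nobody' OR '1'='1"

def demo():
    conn = setup_db()
    results = {
        "concat_benign": lookup_concat(conn, "alice"),
        "concat_payload": lookup_concat(conn, INDIRECT_VALUE),
        "prepared_benign": lookup_prepared(conn, "alice"),
        "prepared_payload": lookup_prepared(conn, INDIRECT_VALUE),
    }
    conn.close()
    return results

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated lookup the injected value returns every row, tokens included; the parameterized version returns nothing for the same input because it is compared literally against the `username` column.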