Masters of programming at #hovnokod

Java #997

I never had a great deal of confidence in his coding ability, so the SQL injection vulnerabilities aren't a great surprise, but I had thought he would have known of the existence of the OR operator. http://thedailywtf.com/Articles/The-New-TODO-and-More.aspx

String searchString="select * from ProjectAndTask_view";
// Note: "!=" compares references, not contents; an empty string that is not
// the interned literal still enters the branch.
if (searchWhere !=""){
  // searchWhere is pasted straight into the statement text four times, once per
  // column; a quote in the input ends the literal and the rest is executed as SQL.
  searchString=searchString + " where ProjectCode like '" + searchWhere + "%' union " ;
  searchString=searchString + "select * from ProjectAndTask_view where ProjectDesc like '" + searchWhere + "%' union " ;
  searchString=searchString + "select * from ProjectAndTask_view where TaskCode like '" + searchWhere + "%' union " ;
  // The four UNIONed selects against the same view are one WHERE clause with OR.
  searchString=searchString + "select * from ProjectAndTask_view where TaskDesc like '" + searchWhere + "%'" ;
}
searchString = searchString + " ORDER BY sortval";
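The same search written the way the post says it should have been, as an added example that is not from the Daily WTF article or the hovnokod post: one OR-joined WHERE clause over the view, with the user's value passed as a bind parameter instead of concatenated into the statement. The view and column names are those of the original snippet; escaping the LIKE wildcards is an assumption about the intended "prefix match" behaviour.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class ProjectTaskSearch {
    // One OR-joined predicate replaces the four UNIONed selects; the user's
    // value travels as a bind parameter and never becomes statement text.
    static final String SEARCH_SQL =
        "select * from ProjectAndTask_view"
      + " where ProjectCode like ? escape '\\'"
      + "    or ProjectDesc like ? escape '\\'"
      + "    or TaskCode    like ? escape '\\'"
      + "    or TaskDesc    like ? escape '\\'"
      + " order by sortval";

    static final String ALL_SQL =
        "select * from ProjectAndTask_view order by sortval";

    // LIKE treats % and _ as wildcards; escape them so a user typing "100%"
    // matches that literal prefix instead of every row (assumed intent).
    static String likePrefix(String userInput) {
        String escaped = userInput.replace("\\", "\\\\")
                                  .replace("%", "\\%")
                                  .replace("_", "\\_");
        return escaped + "%";
    }

    // Caller closes the returned ResultSet (and its Statement via getStatement()).
    static ResultSet search(Connection conn, String searchWhere) throws SQLException {
        // equals(), not ==, so any empty string is treated as "no filter".
        if (searchWhere == null || searchWhere.isEmpty()) {
            return conn.prepareStatement(ALL_SQL).executeQuery();
        }
        PreparedStatement ps = conn.prepareStatement(SEARCH_SQL);
        String pattern = likePrefix(searchWhere);
        for (int i = 1; i <= 4; i++) {
            ps.setString(i, pattern);   // same prefix bound to each column
        }
        return ps.executeQuery();
    }
}
```

Because the four UNIONs were against the same view, the OR form returns the same set of rows with a single table scan; the ORDER BY still applies to the whole result as before.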
