ergophobe - 11:33 pm on Mar 25, 2013 (gmt 0)
I know. The idea is that the template layer should be open to designers, and designers can't be trusted not to get online, look up some SQL tutorial and decide that it will be a good idea to write something like this into their template:
db_query("SELECT `nid` FROM `node` WHERE `nid` LIKE '" . $_GET['unsanitized_user_var'] . "'");
And... goodbye website!