How very dare you?!
The man is a was in National Treasure!
Another day, another injection flaw. It's almost as if people haven't worked out input sanitisation yet. It's only been 20 years or so since the first exploit.
You can't rely on anything submitted by the client to your Web server as somehow safe because it's assumed to have been generated/checked on the client by your code.
Mine's the one with the treasure map and '); delete from table articles where content like %ragging on hollywood's greatest actor%; --)