I inherited a lot of "select * from table where thing = '" + strinput + "'" in an ASPX intranet. It was bloody frightening they hadn't been hit before. Idiots.

But try getting a) budget or b) time from management to fix this stuff and you'll get the 'it works so don't touch it' excuse.

