Re: What century is this?!
A few years ago I was working for a small software company that made most of its money peddling web stores to small mom-and-pop type companies. The e-store code was an in-house POS classic ASP based monstrosity that was copied from the last customer's copy every time we got a new customer.
As you would expect in this scenario it was a total mess of ancient spaghetti code, and then one day we woke up to find one of the customers had been hit by an automatic SQL injection script and was now trying to download a bunch of malware to anyone who viewed the site.
This obviously needed a fix, and a proper fix would have been to go through every place in the code where a variable was incoming and do a proper validation.
But that was far too expensive for the boss when you take into account that we were at that point managing ~30 of these messes, all with slightly different code for each customer.
So the "genius" fix the boss came up with was to look at all incoming data from the browser in the global.asax file and, if it saw a single quote or a semicolon, stop processing the request,
making it impossible to receive any business from any O'Leary or the like.
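As an added illustration (not code from the post, and Python with SQLite standing in for the classic ASP store), here is the character blocklist described above next to the parameterized query that should have been used instead. The customer table and the names in it are constructed sample data; the point is that the blocklist turns away "Sean O'Leary" while a parameterized query handles that name and quote-laden input alike without the quotes ever reaching the SQL parser as syntax.

```python
import sqlite3

# Reproduction of the "fix" from the post: refuse any request in which a
# parameter contains a single quote or a semicolon. It blocks the bad requests
# the boss had seen, but it also blocks every legitimate customer with an
# apostrophe in their name.
def naive_request_filter(params: dict) -> bool:
    """Return True if the character blocklist would let this request through."""
    return not any("'" in value or ";" in value for value in params.values())


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory stand-in for the e-store database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (name) VALUES (?)",
        [("Alice Smith",), ("Sean O'Leary",)],
    )
    return conn


def find_customers(conn: sqlite3.Connection, name: str) -> list:
    """The proper fix: a parameterized query. The driver sends `name` as a bound
    value, so a quote or semicolon inside it is just data and can never change
    the structure of the statement. No character blocklist is needed."""
    rows = conn.execute(
        "SELECT name FROM customers WHERE name = ?", (name,)
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = setup_db()
    # A real customer name and a quote-laden string of the kind the blocklist
    # was meant to stop; the parameterized query treats both as plain data.
    for query in ["Alice Smith", "Sean O'Leary", "x' OR '1'='1"]:
        allowed = naive_request_filter({"name": query})
        print(f"{query!r}: blocklist allows={allowed}, "
              f"parameterized lookup={find_customers(conn, query)}")
```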