i don't see how this is anything more than yet another lesson in why you should escape strings from external data soures unless you have a very good reason not to... interesting example though.