Thanks to Mike for sending in this WTF on a tutorial about PHP and MySQL security. Every PHP developer should know about the hazards of SQL injection. In fact it is important enough to be an offical part of the PHP documentation.

Perhaps the author who wrote this tutorial should have read the manual before declaring that PHP and MySQL doesn't allow SQL injection vulnerabilities any more and providing some pretty moot examples. Here is an excerpt from the article that describes how SQL Injections can happen.

Thanks to Andreas D. for sending this one in. This PHP code generates a heirachical menu in a not so nice way.

• WTF #1 is for being very 'fugly' code. Nobody should indent with more than 4 spaces!
• WTF #2 is the menu class. This class really has no point other than to hold two values which can be done with a simple array. See my example below.
• WTF #3 is this $menu[$i][$j][0][0][0]->target. There's nothiing like a 5 dimensional array to make a really simple thing like menu generation really difficult.

Be sure to shield your eyes and don't look directly at this code...