Even if old code or not someone should have shared security flaws because people just grab shit and don't check for security breaches, this SQL injection makes the hacker change your id so say it was id #1 commented in shoutbox hello crew #2 replied welcome back you could change which one commented into the chat.