The introduction of the XMLHttpRequest component (*) opened the doorway for a new breed of "fancy schmancy" web applications like Flickr, GMail, etc. This, in turn, spawned an entire sub-industry and a new series of buzzwords seemingly based on the names of household cleaning chemicals. It even incremented the current version of the Internet to 2.0.

That said, it should come as no surprise that this Borax-technology has also empowered "certain programmers" to create new perversions in information technology never imagined before. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I'll leave it to your immagination as to what the server-side looks like ...

function saveform()
{
  var firstName = escapeSql(mainForm.elements.txtFirstName.value);
  var lastName = escapeSql(mainForm.elements.txtLastName.value);
  /* ... */
  var offerCode = escapeSql(mainForm.elements.txtOfferCode.value);

  var code =
  '  $cn = mssql_connect($DB_SERVER, $DB_USERNAME, $DB_PASSWORD)           ' +
  '          or die("ERROR: Cannot Connect to $DB_SERVER");                ' +
  '  $db = mssql_select_db($DB_NAME, $cn);                                 ' +
  '                                                                        ' +
  '  if (mssql_query("SELECT 1 FROM APPS WHERE SSN=\''+ssn+'\'", $cn)) ' +
  '  { $ins = false; }                                                     ' +
  '  else                                                                  ' +
  '  { $ins = true; }                                                      ' +
  '                                                                        ' +
  '  if ($ins) {                                                           ' +
  '    $sql = "INSERT INTO APPS (FIRSTNM, LASTNM, ..., OFFERCD) VALUES ("; ' +
  '    $sql+= "\''+firstName+'\',";                                        ' +
  '    $sql+= "\''+lastName+'\',";                                         ' +
  '    $sql+= "\''+offerCode+'\')";                                        ' +
  '                                                                        ' +
  '  /* ... */                                                             ' +
  '                                                                        ' +
  '  mssql_query($sql, $cn);                                               ' +
  '  mssql_close($cn);                                                     ';

  execPhp(code);
}

(*)  XmlHttpRequest is the thing that lets programmers utilize client-side browser scripting to communicate with the web server without direct user intervention