From 55be348a9c31f5e9107d2b1e53ba8e5757529258 Mon Sep 17 00:00:00 2001
From: Nick Grimshaw <nick@inviga.co.uk>
Date: Thu, 3 Jan 2013 12:16:46 +0000
Subject: [PATCH] Fixed a minor typo.

---
 _posts/06-01-01-Databases.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_posts/06-01-01-Databases.md b/_posts/06-01-01-Databases.md
index bf20ecb..cfaa556 100644
--- a/_posts/06-01-01-Databases.md
+++ b/_posts/06-01-01-Databases.md
@@ -38,7 +38,7 @@ $pdo->query("SELECT name FROM users WHERE id = " . $_GET['id']); // <-- NO!
 
 This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a
 heartbeat. Just imagine if a hacker passes in an inventive `id` parameter by calling a URL like
-`http://domain.com/?id=1%3BDELETE+FROM+users`.  This will set the `$_GET['id']` variable to `id=1;DELETE FROM users`
+`http://domain.com/?id=1%3BDELETE+FROM+users`.  This will set the `$_GET['id']` variable to `1;DELETE FROM users`
 which will delete all of your users! Instead, you should sanitize the ID input using PDO bound parameters.
 
 {% highlight php %}