$q              = param("q");  if (!$q || $q eq ""){$q = "home";}

...

$rid            = md5_hex(rand(999999999999999));

...

if ($q eq "dbsetup"){
        ...
        $dbh    = DBI->connect("DBI:mysql:$MYSQL{database}:$MYSQL{serv
+er}:3306",$MYSQL{user}, $MYSQL{pass},{ RaiseError => 0, AutoCommit =>
+ 1 });
        ...
        $dbh->do("DROP TABLE users");
        $dbh->do("CREATE TABLE users (sid TEXT, user TEXT, pass TEXT, 
+userlevel char(1))");
        ...
}

...

sub getmonthname{
     my($nr) = @_;
        #my%names;
        $names{1} = "januari";
        $names{2} = "februari";
        $names{3} = "maart";
        $names{4} = "april";
        $names{5} = "mei";
        $names{6} = "juni";
        $names{7} = "juli";
        $names{8} = "augustus";
        $names{9} = "september";
        $names{10} = "oktober";
        $names{11} = "november";
        $names{12} = "december";

   return $names{$nr};
}

...

my$email = param("email");
if ($email){$reply = $email;}else{$reply = "mailer-deamon\@CENSORED.nl
+"}
open (SENDMAIL,"|mail -s 'Reactie formulier CENSORED' $contactto -f $r
+eply") || &printerror;
[download]

This is all the same 1200 line index.pl (a CGI script). In this script,

• no value is escaped anywhere
• no DBI placeholders are used
• every SELECT is SELECT *
• every fetch is @row = $sth->fetchrow_array
• dates are stored in a TEXT column in dd/mm/yyyy (or dd-mm-yyyy) format
• ... or even in three different TEXT columns
• lexicals are used for only a third of all variables
• the DBI->connect(...) is repeated everywhere
• virtually no error checking is done and it is usually even explicitly disabled (RaiseError => 0)
• half of all code is HTML
• there are lots of if (!$foo || $foo eq "") { $foo = "..." }
• everything is hard coded (don't let %MYSQL fool you: that too is hard coded)
• both Dutch and English are used, sometimes even in one place: "day", "maand", "jaar" (database columns), "newsoverzicht"
• is a banner of the proud author:

          #-----------------------------------------------#
          #                 Site Script                   #
          #                                               #
          #             Designed for CENSORED             #
          #         by CENSORED CENSORED CENSORED         #
          #                                               #
          #-----------------------------------------------#
  [download]

Gotta love fixing broken features in this code. It is dangerously insecure, and there's no money available te replace it, and making it secure without replacing it entirely is exactly as much work.