SQL Injection through /include/findusers.php