When I got here, there was no taint checking, no 'use strict', no '-w', loops which prepared the same SQL statement over and over again (no placeholders/bind_values - one of the consultants asked me what that was) and one SQL statement which forgot to strip/escape quotes from user input and pasted the input into a SQL statement. Global variables which spring into existance from who-knows-where and get used who-knows-where (on 3000 line scripts, not counting the modules, which are not real modules, just functions included from who-knows-where using a mismash of passed in and global variables!).

We are slowly getting things cleaned up, and writing new stuff alot better so it'll run under mod_perl (using Apache::Registry, we may eventually get around to writing actual mod_perl handlers), but its a nightmare working on the old code.