[Pauldotcom] Episode 161 SQL Exploit?

[lists at truthisfreedom.org.uk]

Hi all,

I've just finished listening to Ep. 161 and Paul talked about an SQL  
statement that he had used as part of the CTF last week that created a  
PHP script on the fly and executed ShellCmds on a server.

I'd be v. interested in seeing this to try and prevent it from  
happening on my systems but I can't find it in the show notes.

Anyone got any ideas as to where I can find this?

Thanks,

M.