yes, if you don't check it I could put this into the email field

'dummy email'; drop table emails; select * from emails

and that would drop your emails table very quickly. You definitely cannot run code that above directly off form inputs.

-reggie