I havetested this snippet, it is vulnerable! Add the ,n parameter to all $read statements!!! Use /help $read for more info.