Hacker News

Except, the bad code as shown requires whitespace (\s) before and after the "bad" terms, so the names the Daily WTF post mentions should pass through it.

  if (preg_match('/\s['.implode('|',$badSqlCode).']+\s/i', $sqlcode))
They probably didn't realize this wouldn't catch any of the bad terms at the very start or end of their code, though :-)
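To make the behaviour of that regex concrete, here is an added example (not from the comment or the Daily WTF post) that transcribes the PHP pattern to Python, puts a whole-word alternation beside it, and shows the defender's actual fix, parameter binding, on an in-memory SQLite table. The keyword list and the names are constructed; the original $badSqlCode contents are not on the page.

```python
import re
import sqlite3

# Constructed keyword list; the page does not show what $badSqlCode held.
BAD_SQL_CODE = ["insert", "update", "delete", "drop"]

def wtf_pattern(words):
    """The page's PHP regex transcribed to Python. The words are joined with '|'
    inside square brackets, so the result is a character class made of the words'
    letters plus '|', bracketed by required whitespace, not an alternation."""
    return re.compile(r"\s[" + "|".join(words) + r"]+\s", re.IGNORECASE)

def intended_pattern(words):
    """What the author presumably meant: a whole-word alternation.
    Still a blacklist, so still not an injection defence."""
    return re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b", re.IGNORECASE)

def flagged(pattern, text):
    return pattern.search(text) is not None

def make_db():
    """In-memory table with constructed names that contain blacklisted words."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO people (name) VALUES (?)",
                     [("Ann Update",), ("Bob Drop",)])
    return conn

def lookup(conn, name):
    """The real fix: bind the value; keywords inside a name are just data."""
    return [row[0] for row in conn.execute("SELECT id FROM people WHERE name = ?", (name,))]

if __name__ == "__main__":
    wtf, meant = wtf_pattern(BAD_SQL_CODE), intended_pattern(BAD_SQL_CODE)
    for text in ["drop table people", "a red apple", "Ann Update"]:
        print(f"{text!r}: wtf={flagged(wtf, text)} intended={flagged(meant, text)}")
    print(lookup(make_db(), "Ann Update"))
```

The character-class version misses a keyword at the start of the string and flags harmless text such as "a red apple" (every letter of "red" is in the class), while the whole-word version blocks a legitimate name; only the bound parameter handles all three inputs correctly.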

