@cm0002@lemmy.world to Technology@lemmy.world • English • 3 months ago

Life isn't easy if your last name is 'Null' as it still breaks database entries the world over

www.pcgamer.com

Hopefully not the headline of this article. *Peeks*
  • @solrize@lemmy.world
    65•3 months ago

    /me changes name to '); DROP TABLE STUDENTS; --.

    • Chozo
      44•3 months ago

      Dammit, Bobby!

      • ⛓️‍💥
        4•3 months ago

        That boy ain’t right

    • funkajunk
      35•3 months ago

      Oh. Yes. Little Bobby Tables, we call him.

    • @ZILtoid1991@lemmy.world
      3•3 months ago

      Are there character escapes for SQL, to protect against stuff like that?

      • @solrize@lemmy.world
        11•3 months ago

        Yes, but it’s a dangerous process. You should use parameterized queries instead.

        • @sugar_in_your_tea@sh.itjust.works
          1•3 months ago

          Yup, then it becomes a front-end problem to deal with wonky input. As a backend dev, this is ideal, just give me data and I’ll store it for ya.

      • @purplemonkeymad@programming.dev
        10•3 months ago

        Use parameters, that way data and queries are separate.

      • @Septimaeus@infosec.pub
        3•3 months ago

        Input sanitization typically handles this as a string that only allows characters supported by the data type specified by the table field in question. A permissive strategy might scrub the string of unexpected characters. A strict one might throw an error. The point, however, is to prevent the evaluation of inputs as anything other than their intended type, whether or not reserved characters are present.

      • @sugar_in_your_tea@sh.itjust.works
        1•3 months ago

        Only noobs get hit by this (called SQL injection). That’s why we have leads review code…
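
The parameter approach recommended in the replies above, next to the string-concatenation pattern it replaces, as an added example that is not part of the thread. It uses Python's built-in sqlite3 module with an in-memory database; the one-column STUDENTS table and the helper names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample input: the surname from the headline and the name quoted in the thread.
NAMES = ["Null", "'); DROP TABLE STUDENTS; --"]

def new_db():
    """In-memory database with a hypothetical one-column STUDENTS table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE STUDENTS (name TEXT)")
    return conn

def table_exists(conn):
    sql = "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'STUDENTS'"
    return conn.execute(sql).fetchone()[0] == 1

def run_concatenated(names):
    """Before: each value is pasted into the SQL text, so quotes in it become syntax."""
    conn = new_db()
    for name in names:
        try:
            # executescript stands in for any driver call that accepts stacked statements.
            conn.executescript("INSERT INTO STUDENTS (name) VALUES ('" + name + "');")
        except sqlite3.Error:
            pass  # a statement the database rejects is skipped here
    return table_exists(conn)

def run_parameterized(names):
    """After: the SQL text is fixed and each value travels separately as a bound parameter."""
    conn = new_db()
    for name in names:
        conn.execute("INSERT INTO STUDENTS (name) VALUES (?)", (name,))
    stored = [row[0] for row in conn.execute("SELECT name FROM STUDENTS ORDER BY rowid")]
    # The string 'Null' and a missing value (SQL NULL) stay distinct.
    as_text = conn.execute("SELECT count(*) FROM STUDENTS WHERE name = ?", ("Null",)).fetchone()[0]
    missing = conn.execute("SELECT count(*) FROM STUDENTS WHERE name IS NULL").fetchone()[0]
    return table_exists(conn), stored, as_text, missing

if __name__ == "__main__":
    print("concatenated, table survives:", run_concatenated(NAMES))
    print("parameterized:", run_parameterized(NAMES + [None]))
```

With bound parameters both names are stored byte for byte, and the surname 'Null' remains a four-character string that never matches `IS NULL`.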
