1186

It's that time of the year again! (files.mastodon.social)

submitted 9 months ago by masimatutu@nerdica.net to c/programmer_humor@programming.dev

58 comments fedilink hide all child comments

files.mastodon.social/media_at…

you are viewing a single comment's thread
view the rest of the comments

[-] GBU_28@lemm.ee 4 points 9 months ago

Other reply s accurate but it's always a good practice to include the semicolon else you can get

"Bobby tables'ed" look that xkcd comic up

[-] docAvid@midwest.social 8 points 9 months ago

I'm not sure how including a final semicolon can protect against an injection attack. In fact, the "Bobby Tables" attack specifically adds in a semicolon, to be able to start a new command. If inputs are sanitized, or much better, passed as parameters rather than string concatenated, you should be fine - nothing can be injected, regardless of the semicolon. If you concatenate untrusted strings straight into your query, an injection can be crafted to take advantage, with or without a semicolon.

[-] GBU_28@lemm.ee 2 points 9 months ago* (last edited 9 months ago)

Yep it would only work if you didn't sanitize a user input string in this case 'nice'

They could write ''; drop table blah;

[-] krotti@sh.itjust.works 1 points 9 months ago

Wouldn't that still apply, if you can inject straight SQL, such as "query' OR 1=1?"

this post was submitted on 09 Dec 2023

1186 points (97.4% liked)

Programmer Humor

19207 readers

469 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev