1195
It's that time of the year again! (files.mastodon.social)
submitted 2 years ago by masimatutu@nerdica.net to c/programmer_humor@programming.dev
58 comments fedilink hide all child comments

files.mastodon.social/media_at…

you are viewing a single comment's thread
view the rest of the comments
[-] GBU_28@lemm.ee 4 points 2 years ago

Other reply s accurate but it's always a good practice to include the semicolon else you can get

"Bobby tables'ed" look that xkcd comic up

[-] docAvid@midwest.social 8 points 2 years ago

I'm not sure how including a final semicolon can protect against an injection attack. In fact, the "Bobby Tables" attack specifically adds in a semicolon, to be able to start a new command. If inputs are sanitized, or much better, passed as parameters rather than string concatenated, you should be fine - nothing can be injected, regardless of the semicolon. If you concatenate untrusted strings straight into your query, an injection can be crafted to take advantage, with or without a semicolon.

[-] GBU_28@lemm.ee 2 points 2 years ago* (last edited 2 years ago)

Yep it would only work if you didn't sanitize a user input string in this case 'nice'

They could write ''; drop table blah;

[-] krotti@sh.itjust.works 1 points 2 years ago

Wouldn't that still apply, if you can inject straight SQL, such as "query' OR 1=1?"

this post was submitted on 09 Dec 2023
1195 points (97.5% liked)

Programmer Humor

25448 readers
1095 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev