163

Found in psycopg docs (gregtech.eu)

submitted 3 weeks ago by lena@gregtech.eu to c/programmer_humor@programming.dev

10 comments fedilink hide all child comments

top 10 comments

sorted by: hot top controversial new old

[-] abbadon420@lemm.ee 29 points 3 weeks ago

Putting the psyco in psycopg

[-] 9point6@lemmy.world 20 points 3 weeks ago

Flashbacks to one of my early freelance PHP gigs I did about 2 decades ago where I opened up the existing backend source code to find a load of unsanitised user input directly from the query string getting interpolated into the various SQL queries the application made. Part of me also feels like the "bobby tables" xkcd already existed by this point, so I've got no idea how that website managed to not get nuked before I refactored it.

To top it all off, of course the application authenticated with the database using the root user...

Thankfully I think that was the worst I ever discovered in the wild

[-] cm0002@lemmy.world 11 points 3 weeks ago

Im gonna manually merge values to a query

[-] 30p87@feddit.org 10 points 3 weeks ago

Why is it only a yellow warning, and not a red one?

[-] vithigar@lemmy.ca 28 points 3 weeks ago

There's an edge case where you want the guys in balaclavas to show up.

[-] Quetzalcutlass@lemmy.world 13 points 3 weeks ago

When you hope they're dyslexic and show up with delicious baklavas instead.

[-] lena@gregtech.eu 7 points 3 weeks ago

That's how I read it at first

[-] mmddmm@lemm.ee 4 points 3 weeks ago

To add. The specific edge case where you want to do the balaclava thing is when you are concatenating internally generated column and table names, operators, and entire conditions with extra parameters that you will add the correct way.