145

Found in psycopg docs (gregtech.eu)

submitted 1 day ago by lena@gregtech.eu to c/programmer_humor@programming.dev

9 comments fedilink hide all child comments

top 9 comments

sorted by: hot top controversial new old

[-] abbadon420@lemm.ee 24 points 1 day ago

Putting the psyco in psycopg

[-] 9point6@lemmy.world 17 points 1 day ago

Flashbacks to one of my early freelance PHP gigs I did about 2 decades ago where I opened up the existing backend source code to find a load of unsanitised user input directly from the query string getting interpolated into the various SQL queries the application made. Part of me also feels like the "bobby tables" xkcd already existed by this point, so I've got no idea how that website managed to not get nuked before I refactored it.

To top it all off, of course the application authenticated with the database using the root user...

Thankfully I think that was the worst I ever discovered in the wild

[-] cm0002@lemmy.world 12 points 1 day ago

Im gonna manually merge values to a query

[-] 30p87@feddit.org 7 points 1 day ago

Why is it only a yellow warning, and not a red one?

[-] vithigar@lemmy.ca 19 points 1 day ago

There's an edge case where you want the guys in balaclavas to show up.

[-] Quetzalcutlass@lemmy.world 10 points 23 hours ago

When you hope they're dyslexic and show up with delicious baklavas instead.

[-] lena@gregtech.eu 7 points 22 hours ago

That's how I read it at first

[-] mmddmm@lemm.ee 4 points 22 hours ago

To add. The specific edge case where you want to do the balaclava thing is when you are concatenating internally generated column and table names, operators, and entire conditions with extra parameters that you will add the correct way.