this post was submitted on 24 Feb 2025
406 points (98.6% liked)

Technology

65007 readers
4086 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
406
Life isn't easy if your last name is 'Null' as it still breaks database entries the world over (www.pcgamer.com)
submitted 1 week ago by cm0002@lemmy.world to c/technology@lemmy.world
75 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] solrize@lemmy.world 65 points 1 week ago (3 children)

/me changes name to '); DROP TABLE STUDENTS; --.

[–] Chozo@fedia.io 44 points 1 week ago (1 children)

Dammit, Bobby!

[–] __nobodynowhere@sh.itjust.works 4 points 1 week ago

That boy ain't right

[–] funkajunk@lemm.ee 35 points 1 week ago

Oh. Yes. Little Bobby Tables, we call him.

[–] ZILtoid1991@lemmy.world 3 points 1 week ago (4 children)

Are there character escapes for SQL, to protect against stuff like that?

[–] solrize@lemmy.world 11 points 1 week ago (1 children)

Yes but it's a dangerous process. You should use paramatrized queries instead.

[–] sugar_in_your_tea@sh.itjust.works 1 points 1 week ago* (last edited 1 week ago)

Yup, then it becomes a front-end problem to deal with wonky input. As a backend dev, this is ideal, just give me data and I'll store it for ya.

[–] purplemonkeymad@programming.dev 10 points 1 week ago

Use parameters, that way data and queries are separate.

[–] Septimaeus@infosec.pub 3 points 1 week ago* (last edited 1 week ago)

Input sanitization typically handles this as a string that only allows characters supported by the data type specified by the table field in question. A permissive strategy might scrub the string of unexpected characters. A strict one might throw an error. The point, however, is to prevent the evaluation of inputs as anything other than their intended type, whether or not reserved characters are present.

[–] sugar_in_your_tea@sh.itjust.works 1 points 1 week ago

Only noobs get hit by this (called SQL injection). That's why we have leads review code...