Life isn't easy if your last name is 'Null' as it still breaks database entries the world over
-
I was NaN years old when I learned this.
-
A couple years ago I wanted to write a simple website with an SQL injection vulnerability, so I could demonstrate sqlmap to someone.
It was surprisingly difficult (and every fiber in my body screamed).
Imagine how hard it is to be this bad. Yet still people manage to do it.
-
Legacy systems still handle more traffic than modern ones, I’d wager
any govt system.
-
/me changes name to '); DROP TABLE STUDENTS; --.
Are there character escapes for SQL, to protect against stuff like that?
-
Are there character escapes for SQL, to protect against stuff like that?
Input sanitation typically handles this as a string that only includes characters supported by the data type of the table in question. While in transit, the strings might be escaped at certain stages, such as via URL encoding. Though this is considered poor practice in many applications, it’s not uncommon to see. The point, however, is to prevent the evaluation of inputs as anything other than their intended type, whether or not reserved characters are present.
-
WordPress is a sin against mankind.
Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto-translate with another one, what could go wrong? Wait, why is everything so slow? Oh, I need additional plugins for caching and one more for functionality XYZ. Why is everything broken now?!?
-
Are there character escapes for SQL, to protect against stuff like that?
Use parameters, that way data and queries are separate.
-
Are there character escapes for SQL, to protect against stuff like that?
Yes, but it's a dangerous process. You should use parameterized queries instead.
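The separation of data and query that the two replies above recommend, shown as an added example that is not part of the original thread. It uses Python's built-in `sqlite3` with an in-memory database; the table layout, function names and sample names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample names: the string quoted in the thread, the surname
# "Null", and a name containing a quote character.
NAMES = ["'); DROP TABLE STUDENTS; --", "Null", "O'Brien"]

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE STUDENTS (id INTEGER PRIMARY KEY, name TEXT)")
    return db

def insert_concatenated(db, name):
    """'Before' form: the name is pasted into the SQL text and parsed as SQL."""
    db.executescript("INSERT INTO STUDENTS (name) VALUES ('" + name + "');")

def insert_parameterized(db, name):
    """Hardened form: the statement text is fixed; the name is a bound value."""
    db.execute("INSERT INTO STUDENTS (name) VALUES (?)", (name,))

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'STUDENTS'"
    ).fetchone()
    return row[0] == 1

def demo():
    bad = new_db()
    insert_concatenated(bad, NAMES[0])        # name is interpreted as statements

    good = new_db()
    for name in NAMES:
        insert_parameterized(good, name)      # every name is stored verbatim
    insert_parameterized(good, None)          # a genuinely missing value: SQL NULL

    stored = [r[0] for r in good.execute("SELECT name FROM STUDENTS ORDER BY id")]
    missing = good.execute(
        "SELECT count(*) FROM STUDENTS WHERE name IS NULL").fetchone()[0]
    surname = good.execute(
        "SELECT count(*) FROM STUDENTS WHERE name = ?", ("Null",)).fetchone()[0]
    return table_exists(bad), table_exists(good), stored, missing, surname

if __name__ == "__main__":
    print(demo())
```

With bound parameters the surname "Null" and a missing value stay distinct: one row matches `name = 'Null'` and a different row matches `name IS NULL`.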
-
Legacy systems still handle more traffic than modern ones, I’d wager
And it's probably not seen as urgent enough an issue to need replacing the whole system for.
-
NULL != 'NULL'
How do devs make this mistake
-
NULL != 'NULL'
How do devs make this mistake
How do devs make off by one mistakes.
-
Yep. For the curious, any time a license plate photo couldn’t be fully read by the automated system, it was marked as “NULL” and he was flagged as the driver. So every single red light camera and speeding camera in the area was sending him to court every day.
It got worse than this, the ticketing company really wanted to get the money from him so when he got hold of a copy of the records and pointed out that one ticket was for a completely different car they modified the records on their end to change the make of car so it would match his. iirc he only got out of it because he had paper copies.
-
It got worse than this, the ticketing company really wanted to get the money from him so when he got hold of a copy of the records and pointed out that one ticket was for a completely different car they modified the records on their end to change the make of car so it would match his. iirc he only got out of it because he had paper copies.
Don't they have to prove it with a photograph? In Germany I'd laugh in their face without a photograph as evidence.
-
I have never seen this happen, and I don't know what tools would confuse the string "null" with NULL. From the comments in this thread, there are evidently more terribly programmed systems than I imagined.
As long as there's JavaScript somewhere, anything can happen
-
Lmao, I knew a guy from grade school with the last name Null.