mmm, parameterized queries

Sep 12, 2008 08:32

it's always great to wake up and see results of your company's awesome coding practices on the daily wtf. :)

having had to parameterize sql for one of our recently hacked business units' website... all i can do is sigh (and giggle a little bit)


Comments 5

deprivation September 12 2008, 15:52:25 UTC
wait. i don't understand. why shouldn't you just be able to concatenate queries together?

what if my favorite pet's name is "eris'; drop table users --" ?


outfcheeseerror September 12 2008, 16:31:10 UTC
i had no idea eris' middle name was '; drop table users -- :)


deprivation September 12 2008, 16:44:47 UTC
she comes from a long line of smart cats. her mother's maiden name was "'; update users set password = ''; --". she's just a more malicious incarnation.

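The concatenation-versus-parameters point the thread is joking about, as an added example that is not from the post or its commenters: the two pet names from the comments are run against a throwaway in-memory SQLite database, once pasted into the SQL text and once bound as a parameter. The users/pets tables, the alice row and the rename-by-id query shape are constructed for the demonstration.

```python
import sqlite3

# Constructed sample inputs: the two pet names from the comment thread.
DROP_NAME = "eris'; drop table users --"
UPDATE_NAME = "'; update users set password = ''; --"

def fresh_db() -> sqlite3.Connection:
    """Throwaway in-memory database: a users table worth protecting, plus one pet."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);"
        "INSERT INTO users (name, password) VALUES ('alice', 'hunter2');"
        "CREATE TABLE pets (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO pets (name) VALUES ('fluffy');"
    )
    return conn

def users_intact(conn) -> bool:
    """True when the users table still exists and alice's password is unchanged."""
    found = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    ).fetchone()
    if found is None:
        return False
    row = conn.execute("SELECT password FROM users WHERE name = 'alice'").fetchone()
    return row == ("hunter2",)

def rename_pet_concatenated(conn, name: str) -> bool:
    """The pattern the thread mocks: the value is pasted into the SQL text.
    executescript() stands in for drivers that accept stacked statements, so a
    second statement smuggled inside the value also runs."""
    conn.executescript("UPDATE pets SET name = '" + name + "' WHERE id = 1;")
    return users_intact(conn)

def rename_pet_parameterized(conn, name: str) -> bool:
    """The fix: the value is bound as a parameter and is never parsed as SQL."""
    conn.execute("UPDATE pets SET name = ? WHERE id = 1", (name,))
    conn.commit()
    return users_intact(conn)

def stored_pet_names(conn) -> list:
    """What actually ended up in the pets table."""
    return [r[0] for r in conn.execute("SELECT name FROM pets ORDER BY id")]

if __name__ == "__main__":
    for name in (DROP_NAME, UPDATE_NAME):
        print(repr(name), "concatenated, users intact:", rename_pet_concatenated(fresh_db(), name))
        db = fresh_db()
        print(repr(name), "parameterized, users intact:", rename_pet_parameterized(db, name), stored_pet_names(db))
```

With parameters the pet really is called `eris'; drop table users --`, and the users table is untouched.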


newday September 12 2008, 16:28:55 UTC
I say you go into your VP of Technology's office, kick him in the dick, and then go to where ever they keep your servers and pour steaming hot coffee all over them, then quit.

That will make you feel much better.


outfcheeseerror September 12 2008, 16:33:36 UTC
to be fair, the team i work on actually does things intelligently. also, i'm not sure we have an actual VP of technology.

and i'd really only want to pour steaming hot coffee on the servers that have the code repository/source control for that product on it...if they even have source control, which i somewhat doubt. luckily, it's really easy to break into the server room...

otherwise...very tempting. :-P

