You must log in or register to comment.
Putting the psyco in psycopg
Flashbacks to one of my early freelance PHP gigs I did about 2 decades ago where I opened up the existing backend source code to find a load of unsanitised user input directly from the query string getting interpolated into the various SQL queries the application made. Part of me also feels like the “bobby tables” xkcd already existed by this point, so I’ve got no idea how that website managed to not get nuked before I refactored it.
To top it all off, of course the application authenticated with the database using the root user…
Thankfully I think that was the worst I ever discovered in the wild
Im gonna manually merge values to a query
Why is it only a yellow warning, and not a red one?
There’s an edge case where you want the guys in balaclavas to show up.
When you hope they’re dyslexic and show up with delicious baklavas instead.
That’s how I read it at first
To add. The specific edge case where you want to do the balaclava thing is when you are concatenating internally generated column and table names, operators, and entire conditions with extra parameters that you will add the correct way.
Holy hell, thats rough. :D
