this post was submitted on 04 Apr 2024
970 points (97.5% liked)

Programmer Humor

19512 readers
418 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
970
Life Hack (lemm.ee)
submitted 7 months ago by [email protected] to c/[email protected]
128 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 37 points 7 months ago* (last edited 7 months ago) (34 children)

I'd love to know what this would actually do.

Edit: Thanks for the responses and lively discussion!!

[–] [email protected] 86 points 7 months ago (28 children)

Assuming the accounting system this thing links with both does not protect from SQL injection attacks (many don't, despite it being easy to protect against) and also has a table named "Bills" with a field named "amount"; what this would do is go through every single Bills record and half the value in the amount field. This would completely fuck the system, particularly when it came to billing and tax filing as the numbers for accounts billing and receivable wouldn't even come close to matching each other. The accounting department would have a hell of a time fixing the damage.

[–] [email protected] 7 points 7 months ago* (last edited 7 months ago) (11 children)

does not protect from SQL injection attacks (many don't, despite it being easy to protect against)

Every modern database library automatically protects against SQL injection, usually by using prepared statements (where the query with placeholders, and the placeholder values, are sent as two separate things). so a system would have to be written extremely poorly to be vulnerable to it.

This post is just a joke as developers should hopefully be aware of the OWASP top 10 security vulnerabilities.

Edit: Bad developers will do bad things, but any reasonable developer should be well aware of these risks.

[–] [email protected] 10 points 7 months ago (1 children)

Every modern database library automatically protects against SQL injection,

No. Every modern library allows using prepared statements, but very few (of any) force using them. If the developer doesn't use them the libraries won't do shit to protect you.

[–] [email protected] -1 points 7 months ago* (last edited 7 months ago) (1 children)

What I meant is that not many people write raw SQL in product code any more, other than for analytical purposes (which are often in a system like Apache Airflow rather than in product code). ORM systems have mostly taken over except for cases where you really need raw SQL for whatever reason.

[–] [email protected] 2 points 7 months ago

Practically every dev learnt SQL and it's really easy to put hands crafted SQL in code so it's an easy mistake to make

load more comments (9 replies)
load more comments (25 replies)
load more comments (30 replies)