cm0002@lemmy.world to Technology@lemmy.world · English · 2 months ago
Life isn't easy if your last name is 'Null' as it still breaks database entries the world over (www.pcgamer.com)

ZILtoid1991@lemmy.world · 2 months ago
Are there character escapes for SQL, to protect against stuff like that?

solrize@lemmy.world · 2 months ago
Yes but it’s a dangerous process. You should use parameterized queries instead.

sugar_in_your_tea@sh.itjust.works · 2 months ago (edited)
Yup, then it becomes a front-end problem to deal with wonky input. As a backend dev, this is ideal, just give me data and I’ll store it for ya.

purplemonkeymad@programming.dev · 2 months ago
Use parameters, that way data and queries are separate.

sugar_in_your_tea@sh.itjust.works · 2 months ago
Only noobs get hit by this (called SQL injection). That’s why we have leads review code…
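
An added example, not part of the thread or the linked article, of the point made in the replies above: with parameters, the data and the query text stay separate. It uses Python's sqlite3 with an in-memory database; the table, the function names and the sample surnames are constructed, and the null-mapping shortcut in the concatenating version is a hypothetical anti-pattern.

```python
import sqlite3

# Constructed sample surnames; None stands for a genuinely missing value.
SAMPLE_NAMES = ["Null", "O'Brien", "NULL", None]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, last_name TEXT)")
    return db

def insert_concatenated(db, last_name):
    """Anti-pattern: the value is pasted into the SQL text."""
    # Hypothetical shortcut: any spelling of "null" is treated as missing.
    if last_name is None or last_name.lower() == "null":
        literal = "NULL"
    else:
        literal = f"'{last_name}'"  # no escaping, so a quote ends the string early
    db.execute(f"INSERT INTO people (last_name) VALUES ({literal})")

def insert_parameterized(db, last_name):
    """The value is bound to a ? placeholder and never parsed as SQL."""
    db.execute("INSERT INTO people (last_name) VALUES (?)", (last_name,))

def load(insert_fn):
    """Insert every sample name; return (stored values, names that failed)."""
    db = make_db()
    failed = []
    for name in SAMPLE_NAMES:
        try:
            insert_fn(db, name)
        except sqlite3.Error as exc:
            failed.append((name, type(exc).__name__))
    stored = [row[0] for row in db.execute(
        "SELECT last_name FROM people ORDER BY id")]
    return stored, failed

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_parameterized):
        stored, failed = load(fn)
        print(f"{fn.__name__}: stored={stored!r} failed={failed!r}")
```

In the concatenating version the surname "Null" is stored as a missing value and "O'Brien" is rejected as a syntax error; the parameterized version stores all four inputs as given.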