Tom Kyte and Pete Finnigan are both well known for talking about the need to use bind variables and the dangers of SQL Injection. This cartoon must have been written just for them.
Except the cartoon makes the same mistake a lot of programmers make. They assume they just need to write a parser to make sure that type of stuff doesn’t get through. Instead they should just use bind variables. (simpler and more performant anyway) I remember getting into an argument with a bunch of programmers that they could write such a filter for their dynamic sql and didn’t need to use bind variables to prevent sql injection.
Comment by Jim — March 20, 2008 @ 5:15 pm BST Mar 20,2008
I love that it’s even using Oracle syntax!
Comment by Stew Stryker — April 1, 2008 @ 2:42 am BST Apr 1,2008
This is a bit off-topic but since this entry is labeled Humour, I found really hilarious this email I got today:
Dear Amazon.com Customer,
We’ve noticed that customers who have purchased or rated books by Thomas Kyte have also purchased All Mouth by Jonathan Lewis. For this reason, you might like to know that All Mouth is now available. You can order yours for just $12.89 ($6.06 off the list price) by following the link below.
Comment by Oscar de la Torre — April 9, 2008 @ 6:59 am BST Apr 9,2008
RSS feed for comments on this post. TrackBack URI
Fill in your details below or click an icon to log in:
You are commenting using your WordPress.com account. ( Log Out / Change )
You are commenting using your Twitter account. ( Log Out / Change )
You are commenting using your Facebook account. ( Log Out / Change )
You are commenting using your Google+ account. ( Log Out / Change )
Connecting to %s
Notify me of new comments via email.
Enter your email address to get email about new posts and
Join 4,161 other followers
Theme: Rubric. Get a free blog at WordPress.com
Get every new post delivered to your Inbox.