Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Every single login or db question I see on stackoverflow has shit like this, it's scary to think these people are out there coding things we might be using...
-
stisch46037yYeah, I have to confess my first C# code probably looked like that before I discovered entity framework and Nhibernate.
... And that if I ever do PHP again it's gonna look like that on purpose -
retnikt67747yI'm no backend, what is so bad? (Other that possibly not escaping SQL, which I assume would have been done earlier in the code)
-
Gigex417y@Retnikt Like @PrivateGER said because of SQL Injection. Thats why most of Websites only allow to reset your password instead of sending it to you.
-
LLAMS36637yPrepared statements are not only more secure than this, but they are also easier to implement (no awkward string concatenation). So doing stuff like this isnt even lazy, its just totally negligent.
-
Root797677yHiiii! I'd like to log in, please? My username is "A'; select * from users; --". Thanks!
-
curlyDev4697yAnd its probably not hashed?
I mean negligence sure... But screwing with my data(password cant be reused because of people like this...) -
brettski4997yIt’s the exact reason why SQL injection has remained a top vulnerability for more than 15 years. I guess some lessons are perpetually ignored
-
AL1L30737yI wouldn't harass newbies about this, because they're still learning. I would guess that many of us here have done something like this at least once. It would be best to warn them about SQL injection without calling them stupid.
-
@Codex404 you don't. That's why if you forget your password you can create a new one.
-
LLAMS36637y@finiteAutomaton But if you dont know how to protect yourself against something as painfully trivial as SQL injection, I doubt you have anything even vaguely resembling #amazingsecurity
-
@CrashOverride At least you can try to convince your customers on twitter that it is still amazingly good.
Related Rants
-
l0om44100% Real. And it's not even the worst on the site.
-
Codazed11Being 100% serious, I saw a guy in my Computer Programming I class using MS Word to write code that he would c...
-
dfox8I worked with a good dev at one of my previous jobs, but one of his faults was that he was a bit scattered and...
This is real.
String query = "select password from users where username = " + username;
rant
wk99