Interviewer: Do you know about SQL injection? Student: Yessss Interviewer: Okay, how we can prevent it? Student: Ye

Ranter

opengenus

3767

Comments

37

kamen

7009

4y

Do they get extra points for not just saying "I don't know"?
6

electrineer

30337

4y

Genius
42

lorentz

14745

4y

@kamen Minus. Not admitting the lack of knowledge can bring down entire projects.
20

ultimaterage

186

4y

I thought the joke was "By not using SQL"
14

Fast-Nop

40304

4y

Well I'm totally not into database knowledge, but my try would have been "by never trusting any external input, always sanitising/escaping it server-side (no matter whether it had been validated client-side)"?
11

kescherRant

24533

4y

@Fast-Nop

and by using prepared statements
9

SukMikeHok

14065

4y

so did u get the job or not dont leave us hanging
8

fx2000

9

4y

Prepared statements, sanitize your inputs, thoughts and prayers.
6

Commodore

2201

4y

Is that student an AI?
4

opengenus

3767

4y

@SukMikeHok 2 weeks in, still waiting.
2

theofanis

949

4y

@ultimaterage so you mean No-SQL ?
3

smirving

94

4y

@Fast-Nop Data that writes to the database should ALWAYS be sanitized client side and server side. I think were in agreement but just wanted to stress that it should never be just one even if it's getting done server side.
3

bvs23bkv33

402

4y

boo
3

Fast-Nop

40304

4y

@smirving For the injection issue specifically, I think client-side sanitation can never be trusted because attackers can modify any client-side code anyway and use their modified forms etc for submitting.

For catching user errors without needing several roundtrips in GUI delay, client-side validation is still helpful.
5

lorentz

14745

4y

I know it! You need to base64 every user input. That way it'll never be meaningful SQL.
3

kamen

7009

4y

@Lor-inc Yeah, you're right. Fair enough.
16

Maer

1799

4y

"Do you know MySQL?"

"Your SQL?"
3

karma

11128

4y

Hardcode all dat shitteeeee

Add Comment

rant