26

Was my prev dev fucking high or what?
Who names an UPDATE Query as delete.
That shitfuck deserves a special place in hell.

Comments
  • 3
    It’s called spaghetti code :)
  • 3
    @rui725 More like 💩code...
  • 6
    Looks like copy/pasta.

    Seen it too often :(
  • 16
    Uuuh, prepared statements? It's 2017 and SQL injection is still a thing?
  • 2
    @olback how do u prevent an sql injection?
  • 5
    I couldn't care less about the fact that the naming is bad, but what I do care about is the fact that whoever wrote this is retarded enough to use mysql_query despite it being deprecated, and as mentioned above it's 2017 and SQL injections still exist, and with so much pressure to use prepared statements or at least mysqli, it's really fucking stupid.
  • 4
    @rui725 With prepared statements and/or real_escape.
  • 2
    @olback can you give examples? I am really clueless with sql injection, I only know that you can prevent sql injections with placeholders
  • 2
    @rui725 Just search the internet, there are many good examples and explanations out there.

    Edit: I'm way too tired to explain right now, 3:30 in the morning, sorry :/
  • 0
    I don't know who he is, but I will find him and kill him.
  • 4
    @olback prepare, bind and real_escape
  • 3
    mysql_query? I'm pretty sure that died with php 7
  • 1
    @ilikeglue Yes, it was completely removed in PHP 7.x
  • 3
    @rui725 basic sql injection protection is to make sure you do not let any external data into the sql without checks.

    One way is to use .net sql parameters or something equivalent.

    Then the query engine knows it is data and handles checking and escaping for you.

    If you have to roll your own make a set of data methods for the different types, number, string, boolean ...

    That method does checking, like verifying that the number is a number or escapes strings by doubling all ' and adding ' on the sides.

    Then you ALWAYS use the methods for all data no matter the source.
    Never trust any data to be pre validated.

    Of course if you have strict typing you do not have to check an integer, it will not contain any secrets ;)

    Also, the methods have to be easy to use and preferably convenient so that laziness works towards security. :D
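
The difference between concatenating input into an UPDATE and binding it as a parameter, as an added example that is not part of the original comment or the code in the post. It assumes PDO with the SQLite driver so it runs offline (with mysqli the same pattern is `prepare` and `bind_param`); the table, column and function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the SQLite driver
// so it runs offline; table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER DEFAULT 0)');

function seed(PDO $db): void {
    $db->exec('DELETE FROM posts');
    $db->exec("INSERT INTO posts (id, title) VALUES (1, 'first'), (2, 'second'), (3, 'third')");
}
function hiddenCount(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM posts WHERE hidden = 1')->fetchColumn();
}

// Anti-pattern: request data is concatenated into the SQL text.
function hideConcatenated(PDO $db, string $id): void {
    $db->exec("UPDATE posts SET hidden = 1 WHERE id = $id");
}

// Parameterized: the SQL text is fixed and the value is bound separately as data.
function hideBound(PDO $db, string $id): int {
    $stmt = $db->prepare('UPDATE posts SET hidden = 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Type check in front of the bind: reject anything that is not an integer.
function hideValidated(PDO $db, string $id): int {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return hideBound($db, (string) $n);
}

$input = '1 OR 1=1'; // constructed sample value standing in for request data
seed($db);
hideConcatenated($db, $input);
printf("concatenated: %d of 3 rows hidden\n", hiddenCount($db));
seed($db);
printf("bound: %d row(s) matched, %d hidden\n", hideBound($db, $input), hiddenCount($db));

try {
    hideValidated($db, $input);
} catch (InvalidArgumentException $e) {
    printf("validated: rejected (%s)\n", $e->getMessage());
}
```

In the concatenated version the input becomes part of the WHERE clause; in the bound version it is only ever compared to `id` as a single value.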
  • 2
    Got triggered with the style in the <div> and the mysql_* function that is deprecated since a year and a half. Punch the dude for me, please.
  • 1
    May it burn in hell. Forever. 🤘
  • 2
    Is the query the only problem you see in this line??

    If yes, you ain't better than your friend :(
  • 0
    @Baguette Naah, there are a lot of other things with this dude.
  • 2
    @Voxera ty well explained :)
  • 1
    He was confused because he codes PHP