4
LLAMS
295d

This is your friendly reminder to trim whitespace from strings before saving them to a DB

Comments
  • 0
    Without any further context: No.
  • 4
    Entirely depends what it is.
    An article? Absolutely.
    A password? Retroactively fuck your mother with a rusty hanger.
  • 2
    Is this a veiled didn't sanitize inputs issue?
  • 1
    this is your not-so-friendly reminder to just use parameterised queries and stop giving a fuck _what_ the user enters.
  • 2
    @Demolishun It is absolutely a veiled “didn’t sanitize inputs” problem.
    They are not passwords or articles or any kind of freeform content, they are IDs which will later be queried against.
  • 2
    @LLAMS how do those ids end up having trailing or leading whitespace? Does someone enter them manually? If so, why?
  • 0
    @Lensflare Entered manually to a GraphQL mutation
  • 1
    id: “26’; DROP TABLE students; -- “
  • 0
    @Root Joke’s on you it’s a DynamoDB table. Checkmate hackers. Oh wait, now you know…
Add Comment