Interviewer: Do you know about SQL injection? Student: Yessss Interviewer: Okay, how we can prevent it? Student: Ye

Ranter

opengenus

3758

Comments

37

kamen

6984

5y

Do they get extra points for not just saying "I don't know"?
6

electrineer

30337

5y

Genius
42

lorentz

15235

5y

@kamen Minus. Not admitting the lack of knowledge can bring down entire projects.
20

ultimaterage

184

5y

I thought the joke was "By not using SQL"
14

Fast-Nop

39378

5y

Well I'm totally not into database knowledge, but my try would have been "by never trusting any external input, always sanitising/escaping it server-side (no matter whether it had been validated client-side)"?
11

kescherRant

24220

5y

@Fast-Nop

and by using prepared statements
9

SukMikeHok

14006

5y

so did u get the job or not dont leave us hanging
8

fx2000

9

5y

Prepared statements, sanitize your inputs, thoughts and prayers.
6

Commodore

2185

5y

Is that student an AI?
4

opengenus

3758

5y

@SukMikeHok 2 weeks in, still waiting.
2

theofanis

948

5y

@ultimaterage so you mean No-SQL ?
3

smirving

92

5y

@Fast-Nop Data that writes to the database should ALWAYS be sanitized client side and server side. I think were in agreement but just wanted to stress that it should never be just one even if it's getting done server side.
3

bvs23bkv33

395

5y

boo
3

Fast-Nop

39378

5y

@smirving For the injection issue specifically, I think client-side sanitation can never be trusted because attackers can modify any client-side code anyway and use their modified forms etc for submitting.

For catching user errors without needing several roundtrips in GUI delay, client-side validation is still helpful.
5

lorentz

15235

5y

I know it! You need to base64 every user input. That way it'll never be meaningful SQL.
3

kamen

6984

5y

@Lor-inc Yeah, you're right. Fair enough.
16

Maer

1782

5y

"Do you know MySQL?"

"Your SQL?"
3

karma

11051

5y

Hardcode all dat shitteeeee

Add Comment

rant