Does the Bobby Tables effect present a threat to OS?

Question

confluxepic · Answer

Hmm. Not sure.

confluxepic · Answer

Maybe if someones user name has a command but I doubt they can be connected to all the other users.

greencat · Answer

https://xkcd.com/327/ http://bobby-tables.com/

greencat · Answer

If I made an account with this username: `Robert'); DROP TABLE Users;--`

confluxepic · Answer

:O

greencat · Answer

OS should probably "sanitize their tables" to prevent trolls from doing this.

confluxepic · Answer

The trolls probably wouldn't have found out unless you made a question about it. -_-

greencat · Answer

@Preetha You need to sanitize our tables

greencat · Answer

"sanitize database inputs*"

chosenmatt · Answer

im lost

chosenmatt · Answer

lol

greencat · Answer

This should explain: http://bobby-tables.com/about.html

greencat · Answer

It's the about page.

confluxepic · Answer

How to avoid Bobby Tables There is only one way to avoid Bobby Tables attacks Do not create SQL statements that include outside data. Use parameterized SQL calls. http://bobby-tables.com/about.html

greencat · Answer

@CausticSyndicalist

anonymous · Answer

It's called SQL injection, not "bobby tables", and it has existed long before xkcd even existed.

greencat · Answer

I know :/

greencat · Answer

I use "bobby tables" to make the post seem interesting, just as the bobby-tables.com site does.

thesmartone · Answer

Interesting..

e.mccormick · Answer

Nope.  Not at all.  That is a SQL bug.