December 12th, 2011

Left Eye

Remember Bobby Tables

You would think the guardians of Scottish culture (inexplicably unavailable at this precise moment) would be more careful.  I had trouble logging in because of an apostrophe in a password, and the error message was very obviously a sanitization problem ("Error in SQL at string..." obviously because the quote ended too early).  An apostrophe in an input field should not cause a server error.  (I really hope I've not made that mistake in anything I've coded.  I think I've watched for it all the time, but maybe I missed once, or didn't sanitize enough..?)

I sent them email telling them about the problem, and suggested they show http://xkcd.com/327/ to their DB techs.  They have fixed the problem (or I wouldn't be telling you who it was in a blog right now).  You can't be too careful.
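
An added example, not part of the original post and not the site's code: it reproduces the failure described above, where an apostrophe in a password ends the SQL string too early, next to a parameterized query that accepts the same input. The `users` table, the account `morag`, its password and both function names are assumptions made up for the illustration, using Python's built-in `sqlite3`.

```python
import sqlite3

def make_db():
    # Constructed sample account; the password contains an apostrophe.
    # Plaintext storage is only to keep the example short; a real site
    # would store a salted, slow password hash instead.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("morag", "it's braw"))
    return db

def login_concatenated(db, name, password):
    # Fragile: the input is pasted into the SQL text, so its apostrophe
    # closes the string literal early and the parser rejects the rest.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone()[0] == 1
    except sqlite3.OperationalError as exc:
        # This is the kind of server error the visitor ends up seeing.
        return "Error in SQL: " + str(exc)

def login_parameterized(db, name, password):
    # Placeholders send the values separately from the SQL text, so no
    # character in them can change how the statement is parsed.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] == 1

if __name__ == "__main__":
    db = make_db()
    print(login_concatenated(db, "morag", "it's braw"))   # SQL error text
    print(login_parameterized(db, "morag", "it's braw"))  # True
    print(login_parameterized(db, "morag", "wrong"))      # False
```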