this post was submitted on 24 Feb 2025
412 points (98.6% liked)

Technology

63455 readers
5686 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
412
Life isn't easy if your last name is 'Null' as it still breaks database entries the world over (www.pcgamer.com)
submitted 4 days ago by [email protected] to c/[email protected]
76 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 138 points 4 days ago (4 children)

I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.

[–] [email protected] 57 points 4 days ago (1 children)

This was my thought as well, sanitize your inputs! Are they not quoting/casting to string before input?

[–] [email protected] 50 points 4 days ago (4 children)

Unless you’re coding from scratch it’s hard to not do this with any modern framework.

[–] [email protected] 41 points 4 days ago (2 children)

Legacy systems still handle more traffic than modern ones, I’d wager

[–] [email protected] 5 points 4 days ago

And it's probably not seen as urgent enough an issue to need replacing the whole system for.

[–] [email protected] 4 points 4 days ago

any govt system.

[–] [email protected] 22 points 4 days ago (1 children)

Word press code, and plugins, do not sanitize out of the box. You have to call an additional function, each time, that is not provided automatically. Many home made plugins miss that; many popular plugins used to be home made ones

[–] [email protected] 15 points 4 days ago (7 children)

Wordpress is a sin against mankind.

[–] [email protected] 15 points 4 days ago* (last edited 4 days ago) (1 children)

Let's take a blog and slap a whole e-commerce system on it through a plugin and let it auto translate with another one, what could go wrong. wait why is everything so slow, oh i need additional plugins for caching and one more for functionality XYZ why is everything broken now?!?

Edit: Sorry, my app had a hiccup and posted my comment several times

[–] [email protected] 9 points 4 days ago

Maybe your app is based on WordPress :'D

[–] [email protected] 7 points 4 days ago

Yet here we are, it and the plugins handle too much of my daily traffic. It’s easy to dismiss the piss poor coding, but is done at our peril.

Everyone of us has personal data stored in those God awful plugins, in their thousands of basic security holes

[–] [email protected] 13 points 4 days ago (1 children)

A couple years ago I wanted to write a simple website with SQL injection vulnerability, so I could demonstrate sqlmap to someone

It was surprisingly difficult (and every fiber in my body screamed)

[–] [email protected] 9 points 4 days ago

Imagine how hard it is to be this bad. Yet still people manage to do it.

[–] [email protected] 6 points 4 days ago* (last edited 3 days ago) (2 children)

Unless you’re coding from scratch it’s hard to not do this with any modern framework.

I think that word modern is doing a lot of heavy lifting there.

A lot of systems simply aren't modern. There's always that mentality of "well, it's been working for the last 12 years, let's not mess with it now", despite all the valid objections like "but it's running on Windows2000” or "it's a data breach waiting to happen"...

[–] [email protected] 1 points 3 days ago

Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.

[–] [email protected] 1 points 3 days ago (1 children)

What is a data beach?

[–] [email protected] 1 points 3 days ago

Thanks, I missed that

[–] [email protected] 14 points 4 days ago

It happened to a friend who wasn't passing in the proper types into their stored procedures, all strings, and "null" (not case sensitive) conflicted with actual null values. Everything in the web interface were strings, and so was null.

For some people it takes this mistake before they learn to always care about the data types you're passing in.

[–] [email protected] 10 points 4 days ago

With LLM coding increasing, it might be going up. Idk am no pro, just worried.

Tangential, but I find it hilarious how Gemini's syntax fucks up all the time.

I ask it to change my light called "CX2" to red. It complies, like usual, and it reads Okay, changing "CX2" to red., but what it says out loud is Okay, changing "CX two inches to red.

[–] [email protected] 4 points 3 days ago (2 children)

As a backbend dev, I blame DBAs. We were forced to support CSV imports from out support team so they could fix data issues on their own, and now we have some wonky data in prod...

[–] [email protected] 4 points 3 days ago

Lately I’ve been dealing with tons of invalid byte sequences in MySQL dumps and it makes me question what the hell they’re allowing in there.

[–] [email protected] 2 points 3 days ago

Yeah that’s a whole other can of worms. I see this a lot at work where people are asking for direct database credentials and cringe every time.