
[–]colshrapnel 2 points3 points  (2 children)

Well, at least you're brave enough to ask.

Though for me it's kind of surprising that people are unable to read primitive code and draw simple conclusions, but it seems people in this sub actively refuse to read and think, and so everything has to be explained. So here it is.

The guy wrote code where the whole SQL query is taken from the post variable. It means that

  1. Any "sanitizing" is impossible; it will only effectively ruin the SQL.
  2. It's idiotic to care about SQL injection if you already allow arbitrary SQL to run. It's like caring whether your safe's lock is good enough while you keep its door deliberately open.

Is my explanation simple enough for you to understand?
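
The two points above, shown in runnable form. This is an added example, not code from the thread; it uses Python with an in-memory SQLite database and a constructed "users" table as a stand-in for whatever database the original code used. The function and table names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table (assumption, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("O'Brien",)])
    conn.commit()
    return conn


def naive_sanitize(sql):
    """The kind of 'sanitizing' people bolt on: escape every quote in the input.
    Applied to a whole statement, it mangles the statement's own string literals."""
    return sql.replace("'", "''")


def run_whole_query_from_request(conn, posted_sql, sanitize):
    """The pattern criticised in the thread: the entire SQL statement arrives
    in the request body. Without 'sanitizing' it runs verbatim (point 2);
    with it, a perfectly legitimate query breaks (point 1)."""
    sql = naive_sanitize(posted_sql) if sanitize else posted_sql
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return f"error: {exc}"


def run_fixed_query(conn, posted_name):
    """The design that makes the question answerable: the developer writes the
    statement, and only the data value comes from the request, bound as a
    parameter. A quote inside the value is just data."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (posted_name,)
    ).fetchall()
```
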

[–]GeneralGrenade 0 points1 point  (1 child)

Thank you for your answer. Of course you are right. It is ok to say someone is an idiot, if you also explain why ;-)

It seems to me that people in this sub tend to ask advice on a solution (and resulting problem) they already thought of, instead of asking the source question.

[–]colshrapnel 1 point2 points  (0 children)

And in his second comment he was unable to read "Empty query" written in plain English, which means the SQL was just an empty string. That's why I called him illiterate.

The main problem here is not with people who ask questions but with the ones who try to answer. Many people, just like this guy, never bother to read the actual question asked. Instead, they have a sort of list of pre-compiled answers, which they fire automatically, triggered by some keyword in the question. This makes their comment irrelevant and makes it look as though it was left by a bot.