list of surprising things today

Nov 09, 2005 02:57

  • A young guy in a ball cap and sweatshirt and jeans, very typical OC college student type, showed up on the patio and sat outside. He produced from somewhere a bird, a small green one, something similar to a parakeet. Odessa, who was sitting next to me inside, pointed him out. We watched him talk to the bird, who wandered around on the table in ...

me, lists, self-indulgent


Comments 9

jessef November 9 2005, 12:31:16 UTC
> Yes, that Jared.

Fogel?


substitute November 9 2005, 20:19:08 UTC
Nah, I bet that guy is a big Tori fan. This Jared likes Tool and Meshuggah.



travisd November 9 2005, 15:08:20 UTC
The apostrophe in "McDonald's" temporarily broke the large, professional website of the company for whom I work.

Sounds like some cross-site-scripting waiting to happen there... That or SQL injection :) Someone's not scrubbing their input...


petdance November 9 2005, 15:33:00 UTC
Never mind scrubbing input, they should be using bind variables. For example, if they're using Perl, instead of

$dbh->do("insert into visitor (name) values ('$name')");

they should be using

my $sth = $dbh->prepare( "insert into visitor(name) values (?)");
$sth->execute($name);

That way, because $name is never interpolated into a SQL string, it doesn't matter what's in $name. PHP has support for bind variables as well.

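Added example, not part of petdance's comment or of any site's code: the same contrast between interpolating a value and binding it, run against an in-memory SQLite database from Python's standard library instead of Perl DBI. The function names and sample strings are constructed for illustration; only the `visitor (name)` table and the "McDonald's" input come from the thread.

```python
import sqlite3

def make_db():
    """In-memory stand-in database with the visitor table named in the comment."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table visitor (name text)")
    return conn

def insert_interpolated(conn, name):
    """The 'before' pattern: the value is pasted into the SQL text itself."""
    sql = "insert into visitor (name) values ('%s')" % name
    conn.execute(sql)

def insert_bound(conn, name):
    """Bind-variable pattern: the SQL text is fixed, the value travels separately."""
    conn.execute("insert into visitor (name) values (?)", (name,))

def try_insert(insert_fn, name):
    """Run one insert on a fresh database; return (ok, stored_rows, error_text)."""
    conn = make_db()
    try:
        insert_fn(conn, name)
        error = None
    except sqlite3.Error as exc:
        # An apostrophe in the value ends the string literal early,
        # so the statement no longer parses.
        error = str(exc)
    rows = [r[0] for r in conn.execute("select name from visitor")]
    conn.close()
    return error is None, rows, error

# Constructed sample inputs; the first is the string from the post.
SAMPLES = ["McDonald's", "Burger King", "O'Brien's \"Diner\""]

if __name__ == "__main__":
    for name in SAMPLES:
        for fn in (insert_interpolated, insert_bound):
            ok, rows, error = try_insert(fn, name)
            print(f"{fn.__name__:20} {name!r:22} ok={ok} rows={rows} error={error}")
```

The interpolated insert only succeeds for values without an apostrophe; the bound insert stores every sample byte-for-byte.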

Way sadder than you think! substitute November 9 2005, 20:18:02 UTC
It's Java munching on XML. And the sad part is, we have proven totally functional code that makes this impossible, and people just... don't... USE it.



brianenigma November 9 2005, 19:50:53 UTC
Was it "'" or " '' "?


substitute November 9 2005, 20:18:35 UTC
the apostrophe, not a double quote :)


brianenigma November 9 2005, 21:18:13 UTC
That was an HTML-encoded apostrophe versus a SQL-encoded apostrophe.


substitute November 9 2005, 21:28:21 UTC
oh okay, I spaced.


