Search Engine WTF



  • @Ars Technica said:

    Search engine traffic brings plenty of readers to Ars Technica, most
    looking for gadget reviews and technology writing. After looking through
    site logs, the top 20 incoming search terms for the first half of 2013
    were largely expected.  But what about the oddball requests—you know, the true outliers that are
    so strange they appear only a single time in our logs? Well, they're
    present, too, and by the tens of thousands. Here are a small selection
    of the stranger search terms that somehow led users to Ars in the last
    six months:

    • my downspout frozen
    • can you change condo bylaws if someone is not paying hoa fees to not vote
    • club of the month discounts
    • u.s. military policy on pornography
    • how dip i determine a neighbors wi-fi passkey
    • how bad does it hurt to dislocate your kneecap
    • can you be prosecuted by your ip address
    • joining air force without agreeing to the policy
    • why are cats so fascinated by laser pointers
    • west wing the american president similarities
    • too hot outside central air unit not cooling house
    • mold in brita filter
    • should i watch amelie dubbed or with subtitles
    • how to make a cheap repurposed fire pit
    • hot latex bed
    • is youth xl the same size as adult small in shirts
    • naked picture posted that was not distributed; how do i get it removed? no way to contact website owner
    • are robots taking our jobs or creating them
    • can apple detect my pirated music
    • cause of turbulence in pipe flow
    • why di they put bike seats so high
    • sore tongue after eating fresh pineapple
    • awesome evil names

     





  • If anyone had hope that people are not fundamentally retarded, I hope this dispels that forever.

    Keep in mind: some of these people vote, and their vote counts for just as much as yours. And they're crapping out kids faster than you, too.


  • Winner of the 2016 Presidential Election



  • @joe.edwards said:

    Part 1

    Part 2

    Part 3



  • @joe.edwards said:

    Part 1

    Part 2

    Part 3

    I've always suspected that Shemales cause high blood pressure.



  • @El_Heffe said:

    I've always suspected that Shemales cause high blood pressure.

    It's a mere correlation. Here is the chain of causation:

    1. Fat guys can't get laid
    2. They watch lots of porn
    3. They get used to seeing sexual intercourse as an external object with two properties (the male and female)
    4. When they are exposed to shemales porn, because of the transference effect they see it as a way to become themselves both the male and the female in a sexual intercourse
    5. Decompensation kicks in and the boundaries between the object of their desire (the sexual intercourse) and the enabler (the shemale) start to get blurry

    Fat guys also have a higher rate of blood pressure, hence the correlation.


  • Winner of the 2016 Presidential Election

    @joe.edwards said:

    Part 1

    Part 2

    Part 3



  • What, no bizarre fetishes? Clearly, that list is censored.



    Good thing Ms. 711391 clarified that she meant sex in person. As opposed to… 



  • Some of these topics are explicitly questions with fairly simple answers.  You may want to take a hint from a few websites I've seen that have disclaimers like "This is RandomPhrase.com, not RandomPhraseVariant.com.  If you're looking for the latter, here's a link to it."

    I'm happy to help with a few of those listed:

    • how bad does it hurt to dislocate your kneecap
      Pretty bad, but there are worse things.

    • why are cats so fascinated by laser pointers
      Because laser pointers are awesome and cool.  In fact, if you're not fascinated by them too, there's something wrong with you.

    • should i watch amelie dubbed or with subtitles
      Subtitles.  Dubbed foreign movies are for people who live in trailer parks.

    • is youth xl the same size as adult small in shirts
      Not even close.

    • are robots taking our jobs or creating them
      Both.  Get used to it.

    • can apple detect my pirated music
      They can now.  You should have kept your mouth shut about it.

    • why di they put bike seats so high
      I think the real question is why is your ass so low?

     



  • @da Doctah said:

    • should i watch amelie dubbed or with subtitles
      Subtitles.  Dubbed foreign movies are for people who live in trailer parks.

    So... dubbed it is.

     



  • @dhromed said:

    @da Doctah said:

    • should i watch amelie dubbed or with subtitles
      Subtitles.  Dubbed foreign movies are for people who live in trailer parks.

    So... dubbed it is.

     

    Eugh.... just imagine how bad the awesome Amelie would be if dubbed. Shudders




  • Some of these made me feel genuinely bad for those people. There's no way they can survive in the real world.

    It's like watching an abandoned cat trying to survive on the streets in some city with heavy traffic. You just know it's not gonna end well.



  • @spamcourt said:


    Some of these made me feel genuinely bad for those people. There's no way they can survive in the real world.

    It's like watching an abandoned cat trying to survive on the streets in some city with heavy traffic. You just know it's not gonna end well.

    HELP I'M GETTING OVERWHELMED BY THE INTERNET. please egnolige.



  • I used to do something with search engines for company websites some 15 years ago, and the log files for the big customer, a bank, then already regularly had entries like "sex". Yes, people tried to look for porn on a bank's web site.



  • @TGV said:

    I used to do something with search engines for company websites some 15 years ago, and the log files for the big customer, a bank, then already regularly had entries like "sex". Yes, people tried to look for porn on a bank's web site.

    And...? Did they find it?

    Man people around here always only tell half the story...



  • @blakeyrat said:

    @TGV said:
    I used to do something with search engines for company websites some 15 years ago, and the log files for the big customer, a bank, then already regularly had entries like "sex". Yes, people tried to look for porn on a bank's web site.

    And...? Did they find it?

    Man people around here always only tell half the story...

    No they didn't, that part of the network had the real security.

  • Winner of the 2016 Presidential Election

    @KattMan said:

    @blakeyrat said:
    @TGV said:
    I used to do something with search engines for company websites some 15 years ago, and the log files for the big customer, a bank, then already regularly had entries like "sex". Yes, people tried to look for porn on a bank's web site.

    And...? Did they find it?

    Man people around here always only tell half the story...

    No they didn't, that part of the network had the real security.
    By which he means they were located in /reports/quarterly/q3 and had names like !!!spread_sheet.jpg and money_shot.mpg.


  • @blakeyrat said:

    @TGV said:
    I used to do something with search engines for company websites some 15 years ago, and the log files for the big customer, a bank, then already regularly had entries like "sex". Yes, people tried to look for porn on a bank's web site.

    And...? Did they find it?

    Man people around here always only tell half the story...

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?


  • @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?

    When people think of getting ass-fucked, banks probably come to mind.



  • @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?
    I don't think that's what he meant.  I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?



  • @El_Heffe said:

    I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?

    Clearly search can also be used if you don't remember your email address or the code.


  • Winner of the 2016 Presidential Election

    @El_Heffe said:

    @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?
    I don't think that's what he meant.  I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?


    You could search for '; drop table accounts; --.



  • @joe.edwards said:

    @El_Heffe said:

    @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?
    I don't think that's what he meant.  I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?


    You could search for '; drop table accounts; --.

    This is why I name all of my tables as 36 character, randomly generated alphanumeric strings. Total protection against SQL injection.



  • I worked for a major life insurance company, that created a group of policies with an internal abbreviation of XXX. All the pages we created had file names like XXX_blahblahblah.asp. Testing was an utter disaster because the firewall blocked internal sites as well as external, and any url with xxx was blocked and generated a report to HR. It took a couple of weeks to get it all sorted out.



  • @morbiuswilters said:

    @joe.edwards said:
    @El_Heffe said:

    @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?
    I don't think that's what he meant.  I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?


    You could search for '; drop table accounts; --.

    This is why I name all of my tables as 36 character, randomly generated alphanumeric strings. Total protection against SQL injection.

    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.



  • @Ronald said:

    @morbiuswilters said:
    @joe.edwards said:
    @El_Heffe said:

    @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?
    I don't think that's what he meant.  I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?


    You could search for '; drop table accounts; --.

    This is why I name all of my tables as 36 character, randomly generated alphanumeric strings. Total protection against SQL injection.

    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.

    "Fast" and "106387358923716524807713475752456393740167855629859291136 things to try" don't really go together.



  • @Ben L. said:

    @Ronald said:
    @morbiuswilters said:
    @joe.edwards said:
    @El_Heffe said:

    @HardwareGeek said:

    Certainly, it is odd that people would follow a link to the bank, but it begs the question, what was the search engine finding that it returned the bank's web site as a, presumably highly ranked, result for that query?
    I don't think that's what he meant.  I think people went to the bank website for regular bank stuff, and while they were there saw a search box so they searched for porn.  After all, what else is search for?


    You could search for '; drop table accounts; --.

    This is why I name all of my tables as 36 character, randomly generated alphanumeric strings. Total protection against SQL injection.

    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.

    "Fast" and "106387358923716524807713475752456393740167855629859291136 things to try" don't really go together.

    Fast and faster are two different things. Also if you had any experience with GIS routing you would know that the entire point is that you don't have to "try" all the combinations.



  • @Ben L. said:

    @Ronald said:
    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.

    "Fast" and "106387358923716524807713475752456393740167855629859291136 things to try" don't really go together.

    As Ben correctly observed, Morbs's table names are not permutations of the 36 possible characters. Thus, there are not "merely" 3.72E+41 possibilities, there are 1.06E+56.



  • @HardwareGeek said:

    @Ben L. said:
    @Ronald said:
    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.

    "Fast" and "106387358923716524807713475752456393740167855629859291136 things to try" don't really go together.

    As Ben correctly observed, Morbs's table names are not permutations of the 36 possible characters. Thus, there are not "merely" 3.72E+41 possibilities, there are 1.06E+56.

    You guys are forgetting case-sensitivity, too. So there are 56^36 possible combinations. Clearly a very safe table-naming process.



  • @morbiuswilters said:

    @HardwareGeek said:
    @Ben L. said:
    @Ronald said:
    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.

    "Fast" and "106387358923716524807713475752456393740167855629859291136 things to try" don't really go together.

    As Ben correctly observed, Morbs's table names are not permutations of the 36 possible characters. Thus, there are not "merely" 3.72E+41 possibilities, there are 1.06E+56.

    You guys are forgetting case-sensitivity, too. So there are 56^36 possible combinations. Clearly a very safe table-naming process.

    There is no clear path originator in a cuboid so yes, as far as I can tell this approach is immune to non-linear injection vectors.



  • @Ronald said:

    @morbiuswilters said:
    @HardwareGeek said:
    @Ben L. said:
    @Ronald said:
    I don't know if you picked 36 on purpose but because alphanum is base-36 one could build a 3D map matching all the possible permutations, load that in Postgres and use pgRouting in Postgis to try SQL injection much faster than a randomizer could do.

    "Fast" and "106387358923716524807713475752456393740167855629859291136 things to try" don't really go together.

    As Ben correctly observed, Morbs's table names are not permutations of the 36 possible characters. Thus, there are not "merely" 3.72E+41 possibilities, there are 1.06E+56.

    You guys are forgetting case-sensitivity, too. So there are 56^36 possible combinations. Clearly a very safe table-naming process.

    There is no clear path originator in a cuboid so yes, as far as I can tell this approach is immune to non-linear injection vectors.

    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1



  • @Ben L. said:

    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    You forgot the brackets. What if by chance NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx becomes a SQL keyword at some point in the future?



  • @Ben L. said:

    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    Did you think anyone was seriously suggesting this?



  • @Ronald said:

    @Ben L. said:
    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    You forgot the brackets. What if by chance NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx becomes a SQL keyword at some point in the future?

    Better?



  • @morbiuswilters said:

    @Ben L. said:
    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    Did you think anyone was seriously suggesting this?

    TRWTF is having complex object names to avoid SQL injection while not using prepared statement.



  • @Ronald said:

    @morbiuswilters said:
    @Ben L. said:
    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    Did you think anyone was seriously suggesting this?

    TRWTF is having complex object names to avoid SQL injection while not using prepared statement.

    If obscure naming practices "help security", you're not using prepared statements.
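
The point the thread arrives at (random object names do nothing once values are concatenated into the SQL text, while prepared statements do), shown as an added example that is not part of any post. It uses Python's sqlite3 with a constructed in-memory table; every function name and sample value here is an assumption.

```python
import secrets
import sqlite3
import string

# Constructed inputs: one changes the query's structure, one is an ordinary name.
QUOTE_BREAKING = "' OR '1'='1"
APOSTROPHE_NAME = "O'Brien"

def random_name(length=36):
    """36 random alphanumerics, first one a letter so it is a valid bare identifier."""
    alphabet = string.ascii_letters + string.digits
    return secrets.choice(string.ascii_letters) + "".join(
        secrets.choice(alphabet) for _ in range(length - 1))

def build_db():
    """Constructed sample data: one account in a table whose names are all random."""
    names = {key: random_name() for key in ("table", "user", "password")}
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE {table} ({user} TEXT, {password} TEXT)".format(**names))
    # Plaintext password only to mirror the query quoted in the thread.
    db.execute("INSERT INTO {table} VALUES (?, ?)".format(**names),
               ("alice", "correct horse"))
    return db, names

def login_concatenated(db, names, username, password):
    """Values are pasted into the SQL text, as in the thread's query."""
    t, u, p = names["table"], names["user"], names["password"]
    sql = ("SELECT COUNT(*) FROM " + t + " WHERE " + p + " = '" + password +
           "' AND " + u + " = '" + username + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, names, username, password):
    """Only identifiers from our own schema enter the SQL text; values are bound."""
    t, u, p = names["table"], names["user"], names["password"]
    sql = "SELECT COUNT(*) FROM " + t + " WHERE " + p + " = ? AND " + u + " = ?"
    return db.execute(sql, (password, username)).fetchone()[0] > 0

def outcome(login, db, names, username, password):
    """Return True/False for the login result, or 'error' if the SQL failed to parse."""
    try:
        return login(db, names, username, password)
    except sqlite3.OperationalError:
        return "error"

if __name__ == "__main__":
    db, names = build_db()
    cases = [("alice", "correct horse"), ("alice", "wrong"),
             (QUOTE_BREAKING, "wrong"), (APOSTROPHE_NAME, "wrong")]
    for username, password in cases:
        print(repr(username),
              "concatenated:", outcome(login_concatenated, db, names, username, password),
              "parameterized:", outcome(login_parameterized, db, names, username, password))
```

The quote-breaking input never mentions a table or column, which is why the naming scheme is irrelevant to it; the apostrophe case shows the concatenated query also fails on legitimate data.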



  • @Ronald said:

    @morbiuswilters said:
    @Ben L. said:
    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    Did you think anyone was seriously suggesting this?

    TRWTF is having complex object names to avoid SQL injection while not using prepared statement.

    Yes. That was the joke. Using randomly-generated table names to combat SQL injection is (I thought) clearly idiotic. That is why it was a joke.



  • @morbiuswilters said:

    @Ronald said:
    @morbiuswilters said:
    @Ben L. said:
    It's also immune to being at all understandable in the code: SELECT ZuIzbJCWUHaj1167jgRw5NNiC5wjLDPZVfhIAQiRz8IJkOBoguAFKOVx7FGQkFX, vnbFusm2elmxHNR3wGzWhtsHbaQrdtjvsGvKRUSqv7VgOdqZljFuSCbNGw5Z1sZ, COUNT(LHTSSlkvqqsaW8FYnGMbLiU49ArlVUxiET52d1hRzYaFa4E83AXGjTLfNYvVogG) AS NfMEQCZbeB0JBVo0pK6Ux9wSswzUhS0g9wt3lVUmraut6TLmLRMKZTyCPuvUUDx FROM Vbo2gyv3rMR8YgGIPxSLozom1x1D5NQ7Qa9A41v9Lhe7FV4R1aXn439LwqQ62s3 WHERE cLOHWwFMOBZ8pc1nd4WxqiA8dfYdK7kVqemMi3oM9W1xGmlrPluLMdJMef9tWQS = '" + password + "' AND shYEbMmSXRFkHa2GLcTxtwjwHeBTR5jyPvEallqXbePMAhn0l11B3oLIvOPmX6p = '" + username + "' LIMIT 1

    Did you think anyone was seriously suggesting this?

    TRWTF is having complex object names to avoid SQL injection while not using prepared statement.

    Yes. That was the joke. Using randomly-generated table names to combat SQL injection is (I thought) clearly idiotic. That is why it was a joke.

    I know, I was replying to Ben (not you) because he posted a code sample that clearly shows that he is not used to dealing with databases.



  • @Ronald said:

    clearly

    Yep. No chance I was being satirical. Nope, no chance at all.



  • @Ben L. said:

    @Ronald said:
    clearly

    Yep. No chance I was being satirical. Nope, no chance at all.

    No. When you are satirical you post uninteresting Go Playground links, or you hire Al Yankovic to pose with a t-shirt that has your QR code on it, or you post pictures of gay ass cake and pretend it was baked by your sister.



  • @morbiuswilters said:

    Did you think anyone was seriously suggesting this?
     

    Do you think no one has ever seriously suggested doing this?

    Why do you think the "password" field in one of the systems I maintained is called dwp?  Because no hacker would ever think to look for a password field if it was abbreviated and BACKWARDS!

    You need to qualify your statement, Morbs, with "Do you think anyone sane and knowledgeable was seriously suggesting this?"  In which case Ben is still justified posting his response. In Go.



  • @Lorne Kates said:

    Why do you think the "password" field in one of the systems I maintained is called dwp?  Because no hacker would ever think to look for a password field if it was abbreviated and BACKWARDS!

    A proven solution

