Http://thedailywtf.com/wtf?sql=WHERE id eq 857
-
Was browsing for Python testing resources when stumbled across PyLint. Looks normal at first, but notice the URL in the address bar! WTF! Seems to me there are two things that could have happened here - they directly copy from URL into database connection string, or have invented entire SQL-like URL query language.
-
Some observations:
Any Y WHERE Y eid 857
This works exactly the same.
Any Z WHERE X eid 857
This throws an error: logilab-astng #3291: failure of inference on overloaded operators
http://www.logilab.org/ticket/3291
Also try:
http://www.logilab.org/view?rql=Any X WHERE X eid 856
http://www.logilab.org/view?rql=Any X WHERE X cid
http://www.logilab.org/view?rql=Any X WHERE X blah
(seems to search comments for the word "blah" or whatever you put in there.)
http://www.logilab.org/view?rql=First X WHERE X blah
-
It's maybe not quite as dumb as it may look. In fact, the site seems to actively endorse using the site this way:
This site is not a content management system with items placed in folders. It is an interface to a relational database.
They're even so nice to provide the schema to their database.
If they are that open about it, I'd assume they have proper rights management and other security mechanisms in place, so you can't mess anything up.
Besides, apparently the queries are not in SQL but in "RQL", a language to query RDF based datasets. There doesn't seem to be much information on the syntax though, unfortunately.
-
@PSWorx said:
If they are that open about it, I'd assume they have proper rights management and other security mechanisms in place, so you can't mess anything up.
That's sad.
...
LET'S TRY IT ANYWAY!!!
-
Word!