Difference between revisions of "Little Bobby Tables"

From Wiki @ Karl Jones dot com
Jump to: navigation, search
(External links)
(Results of SQL statement)
Line 29: Line 29:
 
== Results of SQL statement ==
 
== Results of SQL statement ==
  
In the comic, the school has entered <code>Robert'); DROP TABLE Students;--?</code> into the database, resulting in the deletion of all students records.
+
In the comic, the school has entered <code>Robert'); DROP TABLE Students;--?</code> into the database, resulting in the deletion of all student records.
  
 
== Sanitize your inputs ==
 
== Sanitize your inputs ==

Revision as of 04:14, 15 September 2015

Little Bobby Tables is the nickname of a character from xkcd, a webcomic by Randall Munroe.

The character represents a cautionary tale about the importance of sanitizing user inputs, in this case against SQL injection attacks.

Image

(TO DO: image.)

Dialog

School: Hi, this is your son's school. We're having some computer trouble.

Mom: Oh, dear -- Did he break something?

School: In a way. Did you really name your son Robert'); DROP TABLE Students;--?

Mom: Oh. Yes. Little Bobby Tables we call him.

School: Well, we've lost this year's student records. I hope you're happy.

Mom: And I hope you've learned to sanitize your database inputs.

Full name

Robert'); DROP TABLE Students;--?

Results of SQL statement

In the comic, the school has entered Robert'); DROP TABLE Students;--? into the database, resulting in the deletion of all student records.

Sanitize your inputs

It's worth repeating several times: sanitize your database inputs.

More generally: sanitize all your inputs, whatever the purpose.

See also

External links