Difference between revisions of "Little Bobby Tables"

From Wiki @ Karl Jones dot com
Jump to: navigation, search
(Sanitize your inputs)
(External links)
 
Line 52: Line 52:
 
* [https://www.google.com/#q=Little+Bobby+Tables Google search] "Little Bobby Tables"
 
* [https://www.google.com/#q=Little+Bobby+Tables Google search] "Little Bobby Tables"
 
* [http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work How does the SQL injection from the “Bobby Tables” XKCD comic work?] @ Stack Overflow
 
* [http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work How does the SQL injection from the “Bobby Tables” XKCD comic work?] @ Stack Overflow
 +
 +
[[Category:Comics]]
 +
[[Category:Computer security]]
 +
[[Category:Computing]]
 +
[[Category:Databases]]

Latest revision as of 14:54, 24 April 2016

Little Bobby Tables is the nickname of a character from xkcd, a webcomic by Randall Munroe.

The character represents a cautionary tale about the importance of sanitizing user inputs, in this case against SQL injection attacks.

Image

Source: Exploits of a Mom

exploits_of_a_mom.png

Dialog

School: Hi, this is your son's school. We're having some computer trouble.

Mom: Oh, dear -- Did he break something?

School: In a way. Did you really name your son Robert'); DROP TABLE Students; --?

Mom: Oh. Yes. Little Bobby Tables we call him.

School: Well, we've lost this year's student records. I hope you're happy.

Mom: And I hope you've learned to sanitize your database inputs.

Full name

Robert'); DROP TABLE Students;

Results of SQL statement

In the comic, the school has entered Robert'); DROP TABLE Students; into the database, resulting in the deletion of all student records.

Sanitize your inputs

It's worth repeating several times: sanitize your database inputs.

Other kinds of inputs exist, requiring their own security techniques.

Sanitize all your inputs, whatever the purpose.

See also

External links