Difference between revisions of "Little Bobby Tables"

From Wiki @ Karl Jones dot com
(Dialog)
Line 6: Line 6:
  
 
<pre>
 
<pre>
School: Hi, this is your son's school. We're having some computer trouble.
+
'''School:''' Hi, this is your son's school. We're having some computer trouble.
  
Mom: Oh, dear -- Did he break something?
+
'''Mom:''' Oh, dear -- Did he break something?
  
School: In a way. Did you really name your son <code>Robert'); DROP TABLE Students;--?</code>
+
'''School:''' In a way. Did you really name your son <code>Robert'); DROP TABLE Students;--?</code>
  
Mom: Oh. Yes. Little Bobby Tables we call him.
+
'''Mom:''' Oh. Yes. Little Bobby Tables we call him.
  
School: Well, we've lost this year's student records. I hope you're happy.
+
'''School:''' Well, we've lost this year's student records. I hope you're happy.
  
Mom: And I hope you've learned to [[sanitize your database inputs]].
+
'''Mom:''' And I hope you've learned to [[sanitize your database inputs]].
 
</pre>
 
</pre>
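Review bot: the ''' bold markers on the speaker names are added inside the <pre> block, where wiki markup is not interpreted, so they are displayed as literal apostrophes rather than bold text. The revision text below shows '''School:''' and '''Mom:''' verbatim, along with the literal <code> tags and [[sanitize your database inputs]] brackets. Suggest removing the <pre> wrapper and leaving each line of dialog as an ordinary paragraph, so that the bold, code and link markup is rendered.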
  

Revision as of 09:04, 14 September 2015

Little Bobby Tables is the nickname of a character from xkcd, a webcomic by Randall Munroe.

The character represents a cautionary tale about the importance of sanitizing user inputs, in this case against SQL injection attacks.

Dialog

'''School:''' Hi, this is your son's school. We're having some computer trouble.

'''Mom:''' Oh, dear -- Did he break something?

'''School:''' In a way. Did you really name your son <code>Robert'); DROP TABLE Students;--?</code>

'''Mom:''' Oh. Yes. Little Bobby Tables we call him.

'''School:''' Well, we've lost this year's student records. I hope you're happy.

'''Mom:''' And I hope you've learned to [[sanitize your database inputs]].

Full name

Robert'); DROP TABLE Students;--?

SQL statement

In SQL, the DROP TABLE Students; statement contained in Robert'); DROP TABLE Students;--? instructs the database management system to DROP (delete) the data table named Students.

In the comic, the school has entered Robert'); DROP TABLE Students;--? into the database, resulting in the deletion of all student records.

It's worth repeating several times: sanitize your database inputs.
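
The following is an added example, not part of the original page or the comic: it enters the name into a SQLite database twice, once by pasting it into the SQL text and once as a bound parameter. The table layout, the function names and the existing row 'Alice' are assumptions made for the illustration, and the fix shown is parameter binding rather than filtering the input string.

```python
import sqlite3

# The name from the comic, exactly as the page gives it.
BOBBY = "Robert'); DROP TABLE Students;--?"


def new_db():
    """In-memory database with a Students table and one existing row (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.execute("INSERT INTO Students (name) VALUES ('Alice')")
    conn.commit()
    return conn


def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='Students'"
    ).fetchone()
    return row[0] == 1


def enroll_vulnerable(conn, name):
    """Builds the SQL text by string formatting, so the name becomes part of the code."""
    sql = "INSERT INTO Students (name) VALUES ('%s');" % name
    # executescript() runs every statement in the string, like a multi-statement driver.
    conn.executescript(sql)
    return sql


def enroll_safe(conn, name):
    """Passes the name as a bound parameter; the SQL text never changes."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def demo():
    bad = new_db()
    sent = enroll_vulnerable(bad, BOBBY)
    good = new_db()
    enroll_safe(good, BOBBY)
    names = [r[0] for r in good.execute("SELECT name FROM Students ORDER BY rowid")]
    return sent, table_exists(bad), table_exists(good), names


if __name__ == "__main__":
    print(demo())
```

In the vulnerable path the quote and parenthesis in the name close the INSERT early, the DROP TABLE runs as a second statement, and the trailing -- turns the leftover text into a comment. In the safe path the same string is stored as an ordinary name.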
