It has been a long time since I wrote about SQL Humor. The following cartoon has been sent to me many times (more than 10) so far by many users. I did not publish it until now as it has been quite popular and I believed many people had already seen it. However, recently one of the quite big personalities asked me why I have not included this in my blog, so I have finally decided to include it in my blog.
Those who have not understood it, please leave a comment here. I will do my best to explain.
Reference : Pinal Dave (http://blog.SQLAuthority.com), Original Location of Cartoon.

I know what SQL Injection is but I don’t get the relation between “Little Bobby Tables” and “Drop Table Students”. Would you explain it? I’m sorry I’m not a native English speaker and that might be my problem.
Can u explain more please?
The name ‘Bobby’ is a diminutive or ‘nickname’ for Robert.
The joke is that the parent named the child
Robert ');DROP TABLE Students;
And so the database input actually executed the code DROP TABLE Students.
The parent is then making fun of the school for not checking their data inputs.
(I have no idea how you would import such a string so that it would actually run, but I guess there must be a way)
I’ll take a whack at it…
imagine that the program used to enter new students in the database looked something like this:
sql = "insert into students (firstname,lastname) VALUES ('" & field1.value & "', '" & field2.value & "')"
normally, it'd be fine, where fields "bobby tables" could be:
insert into students (firstname,lastname) VALUES ('bobby','tables');
with the comic's first name provided, which is "Robert'); DROP TABLE Students; -- "
which becomes:
insert into students (firstname,lastname) VALUES ('Robert'); DROP TABLE Students; --','tables');
in other words, the punctuation inserted causes the insert to become two statements and a comment.
in other words, insert into students, drop table students and comment out the rest.
so … as the mother of bobby tables states in the comics,
“AND I HOPE YOU’VE LEARNED TO SANITIZE YOUR DATABASE INPUTS”.
cheers.
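An added example, not part of the comment above or of the original post: Python's sqlite3 running the comic's name through a concatenated INSERT and then through a bound parameter. The one-column Students(name) table, the function names, and the use of executescript() to stand in for an API that accepts several statements per call are assumptions made for this sketch.

```python
import sqlite3

# Constructed input: the name as quoted in the comment above.
BOBBY = "Robert'); DROP TABLE Students; --"

def new_db():
    # Assumption: a one-column table, so the first statement stays valid.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Students (name TEXT)")
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type = 'table' AND name = 'Students'").fetchone()
    return row[0] == 1

def build_concatenated(name):
    # Vulnerable pattern: the input becomes part of the SQL text itself.
    return "INSERT INTO Students (name) VALUES ('" + name + "')"

def add_student_vulnerable(db, name):
    # executescript() runs every statement in the string; it stands in for
    # a driver or API that accepts several statements in one call.
    db.executescript(build_concatenated(name))

def add_student_safe(db, name):
    # Bound parameter: the driver passes the value separately from the SQL,
    # so quotes and semicolons in it are stored as data.
    db.execute("INSERT INTO Students (name) VALUES (?)", (name,))

def stored_names(db):
    return [r[0] for r in db.execute("SELECT name FROM Students")]

def demo():
    weak, fixed = new_db(), new_db()
    add_student_vulnerable(weak, BOBBY)
    add_student_safe(fixed, BOBBY)
    return table_exists(weak), table_exists(fixed), stored_names(fixed)

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the table survives and the row holds the full string, punctuation included, which is why parameterization is preferred over trying to strip characters from the input.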
Hehe, good one!
Please elaborate more…
Search for SQL injection in Google/Bing
Hi,
Good humour!
It's simple. The name of the student which the school entered in the application caused the dropping of the table. The pupil's name is
"Robert');drop table students"
Good one.
Paresh
I enjoyed this. Actually, this is a good one to realize about the validation of the inputs.
Lol, even though I got it, Vaevictus explained it quite well.
THAT was FUNNY!!! If I had a nickel for every time I fixed a database where the only ‘real’ problem was user inputs… I would have more money than Bill Gates!
Hey, really good one. Provides better understanding about SQL injection.
That's cool. I have seen a lot of people referring to that.
Here is an approach with a derived table that avoids SQL injection:
http://beyondrelational.com/blogs/madhivanan/archive/2010/05/14/derived-table-new-approach-to-avoid-sql-injection.aspx
Good one.
I really enjoyed it.