SQLAuthority News – SQL Injection – SQL Joke, SQL Humor, SQL Laugh

It has been a long time since I wrote about SQL humor. The following cartoon has been sent to me many times (more than 10) so far by many users. I did not publish it until now, as it has been quite popular and I believed many people had already seen it. However, recently one quite big personality asked me why I have not included it in my blog, so I have finally decided to include it.

If you have not understood it, please leave a comment here. I will do my best to explain.

Reference : Pinal Dave (http://blog.SQLAuthority.com), Original Location of Cartoon.

14 thoughts on “SQLAuthority News – SQL Injection – SQL Joke, SQL Humor, SQL Laugh”

  1. I know what SQL Injection is but I don’t get the relation between “Little Bobby Tables” and “Drop Table Students”. Would you explain it? I’m sorry I’m not a native English speaker and that might be my problem.


  2. The name ‘Bobby’ is a diminutive or ‘nickname’ for Robert.

    The joke is that the parent named the child

    Robert ');DROP TABLE Students;

    And so the database input actually executed the code DROP TABLE Students.

    The parent is then making fun of the school for not checking their data inputs.

    (I have no idea how you would import such a string so that it would actually run, but I guess there must be a way)


  3. I’ll take a whack at it…
    imagine that the program used to enter new students in the database looked something like this:

    sql = "insert into students (firstname,lastname) VALUES ('" & field1.value & "', '" & field2.value & "')"

    normally, it’d be fine, where fields “bobby tables” could be:
    insert into students (firstname,lastname) VALUES ('bobby','tables');

    with the comic’s first name provided, which is "Robert'); DROP TABLE Students; -- "

    which becomes:
    insert into students (firstname,lastname) VALUES ('Robert'); DROP TABLE Students; --','tables');

    in other words, the punctuation inserted causes the insert to become two statements and a comment.

    in other words, insert into students, drop table students and comment out the rest.

    so … as the mother of bobby tables states in the comics,

    “AND I HOPE YOU’VE LEARNED TO SANITIZE YOUR DATABASE INPUTS”.

    cheers.


  4. Hi,

    Good humour!

    It's simple. The name of the student which the school entered in the application caused the dropping of the table. The pupil's name is
    "Robert');drop table students"

    Good one.

    Paresh


  5. THAT was FUNNY!!! If I had a nickel for every time I fixed a database where the only ‘real’ problem was user inputs… I would have more money than Bill Gates!

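The concatenation described in the third comment, shown next to a parameterized insert, as an added example that is not from the original post or its commenters. Python's built-in sqlite3 stands in for the school's database; the one-column `students` table and all function names are assumptions made for this demonstration.

```python
import sqlite3

# The name from the comic, used as constructed sample input.
COMIC_NAME = "Robert'); DROP TABLE Students; --"

def new_db():
    """In-memory database with an assumed one-column students table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    return db

def table_exists(db, table):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row is not None

def insert_concatenated(db, name):
    # Vulnerable pattern from the comment: input is pasted into the SQL text.
    sql = "INSERT INTO students (name) VALUES ('" + name + "')"
    # executescript() runs every statement in the string, standing in for a
    # driver that accepts batched statements.
    db.executescript(sql)
    return sql

def insert_parameterized(db, name):
    # The ? placeholder sends the value separately from the SQL text, so
    # quotes and semicolons in a name are stored as plain data.
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))

def demo():
    vulnerable = new_db()
    executed = insert_concatenated(vulnerable, COMIC_NAME)
    safe = new_db()
    insert_parameterized(safe, COMIC_NAME)
    stored = safe.execute("SELECT name FROM students").fetchall()
    return {
        "executed_sql": executed,
        "vulnerable_table_exists": table_exists(vulnerable, "students"),
        "safe_table_exists": table_exists(safe, "students"),
        "safe_rows": stored,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the concatenated insert the table is gone after one call; with the placeholder the same string is stored as an ordinary row.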
