
Because there are a bunch of companies which do aggregation of information about companies, and not all of them used parameterized SQL queries :-/



This is HTML injection, not SQL.
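
The distinction the reply above draws, as an added example that is not from the thread: the same hostile-looking company name is bound harmlessly by a parameterized query, yet becomes HTML injection the moment it is rendered without escaping. The schema, the sample name and the function names are constructed for this example.

```python
import html
import sqlite3

# Constructed sample: a "company name" that looks hostile to both SQL and HTML.
# The name and the tiny schema below are assumptions for this example, not from the thread.
HOSTILE_NAME = "Example Ltd'; DROP TABLE companies; --<script>alert(1)</script>"


def store_company(conn: sqlite3.Connection, name: str) -> None:
    """Insert with a parameterized query: the name is bound as data, never parsed as SQL."""
    conn.execute("INSERT INTO companies (name) VALUES (?)", (name,))


def fetch_company_names(conn: sqlite3.Connection) -> list[str]:
    return [row[0] for row in conn.execute("SELECT name FROM companies ORDER BY id")]


def render_row_unsafe(name: str) -> str:
    """The HTML injection the thread points at: raw interpolation into markup."""
    return f"<td>{name}</td>"


def render_row_safe(name: str) -> str:
    """Escape for the HTML context so the stored string is displayed, not interpreted."""
    return f"<td>{html.escape(name, quote=True)}</td>"


def demo() -> dict[str, object]:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    store_company(conn, HOSTILE_NAME)
    names = fetch_company_names(conn)
    # The table still exists and holds the name verbatim: parameterization handled the SQL side.
    table_intact = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='companies'"
    ).fetchone()[0] == 1
    return {
        "table_intact": table_intact,
        "stored_verbatim": names == [HOSTILE_NAME],
        "unsafe_html": render_row_unsafe(names[0]),
        "safe_html": render_row_safe(names[0]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```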


That’s kind of a minor detail.


Not even all SQL engines support quoting all types of values. BigQuery, looking at you.


And whose problem is that?


On a "what's reasonable" level, or on a "gets you called in by a minister or MP to be yelled at" level?


Solidarity to all of the folks who have had to work with elected officials. I got ripped a new one in the mid-2000s because I recommended we disable a PHP project, a hay bale reporting app (reporting counts of hay bales on farms), due to an RCE bug. Within a few hours of the app being disabled there was drama from a politician who got a phone call from a prominent farmer...


Speaking of the power of farmers… https://youtu.be/rStL7niR7gs?t=439 The relevant clip is just 20 seconds long.


That is excellent.

Relevant - John Mellencamp using his hit song to siphon off subsidies to his family and relatives.

https://reason.com/2005/04/15/cash-on-the-scarecrow-pork-on/



