Thanks to Joe D. for the SQL injection by automobile photo in the earlier post.
Something else I happened to stumble across while reading a Stack Overflow thread (“We have an employee whose last name is Null. He kills our employee lookup application when his last name is used as the search term (which happens to be quite often now).”): there’s a website devoted to preventing SQL injection.
Is that unusual? No. But the URL sent me into giggling fits. My hat is off to the folks behind this site.
Something else I’ve been meaning to link, and which Tom Ritter’s Twitter feed reminded me about: “Applied Cryptography Engineering”.
Applied Cryptography was an important book for me, and I don’t have the chops that would allow me to intelligently criticize Schneier or Thomas Ptacek. But even I have to admit that AC is almost twenty years old; that’s two or three lifetimes in cryptography. (Also, that makes me…f’ing old.)
I’m glad you like bobby-tables.com. Tell your friends about it so that more newbies can learn the right way to prevent SQL injection. Also, if you have updates or suggestions, the entire site’s source code is at https://github.com/petdance/bobby-tables