memes

18061 readers

2418 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads/AI Slop

No advertisements or spam. This is an instance rule and the only way to live. We also consider AI slop to be spam in this community and is subject to removal.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

!tenforward@lemmy.world : Star Trek memes, chat and shitposts
!lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
!linuxmemes@lemmy.world : Linux themed memes
!comicstrips@lemmy.world : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow@lemmy.world

The_Picard_Maneuver@lemmy.world

The_Picard_Maneuver@startrek.website

834

CVS style (lemmy.world)

submitted 1 day ago by themaninblack@lemmy.world to c/memes@lemmy.world

106 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] GiveOver@feddit.uk 12 points 1 day ago

Here's an attempt at a non programmer explanation.

Companies use a SQL database to store their data. Think of it like an Excel file with multiple tables, storing rows and columns.

You modify the data with written statements, so you'd add a new row of data with a command like add "John" to the users table. Crucially you can chain statements, so you could say add "Sally" to the users table and delete "Pizza" from the menu table

You wouldn't be writing this command out manually every time. Say you had a website, you'd write the command as add "<USER>" to the users table and then when the website user sends you their username, you replace with their name.

So the user sends their name, Robert, we replace with Robert and the command becomes add "Robert" to the users table

But you're now open to a hack. What if Robert sends his name as

Robert" to the users table and delete the entire users table

You've inserted that entire thing into your command, because that sentence will replace the part of your command. So your full command becomes

add "Robert" to the users table and delete the entire users table" to the users table

This will delete your entire table. The second half of the command doesn't make sense but it's too late SQL has already deleted it.

The XKCD joke is somebody actually naming their child to execute the hack