Someone down the pub enjoying an egg sandwich while having a couple of drinks
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
Talk to your boss. If that POS got through a security audit then the whole audit is flawed and there may be much worse stuff in there. Presumably, you hold security checks for a reason - that you need to be at least reasonably secure - but someone has not done their job at all well, and needs "education" on his or her role in the company.
Or a P45.
If you get an email telling you that you can catch Swine Flu from tinned pork then just delete it. It's Spam.
If that's anywhere where a malicious user can get at it, i.e. a public system or a system available to all employees, then imo it's serious enough that you should raise it even if it causes some significant inconvenience for you to go through the process.
Not only is it a huge data security hole in the application, but it shows significant failings on the part of the security auditors. If they were external you might even have a good case for getting some money back on the basis that they didn't do the job you paid them for, and if they were internal then they clearly need discipline and/or training for not doing their job to a professional standard.
There's bad code everywhere which is amusing to look at and that's fine. But when it goes to the level of SQL injection vulnerabilities then someone needs to fix it and make sure it doesn't happen again.
This SQL won't work if you look closely!
You have a double quote at the end of the textbox (\") and not at the start, just a random '/'.
This will never work (or are you making this up for a troll response?).
Alternatively, the last quote is fake or left because you doctored the SQL for us mere mortals,
and potentially you're after a number only. So "SELECT * FROM USER WHERE USER="+textBox1.Text;
This is for only a number (as any string will make the SQL fail) so only a number will work,
and the textbox will have to have been validated to only accept a number and therefore you won't have a problem as you can't SQL inject with only a number!
I reckon you are either trolling, or have not looked closely at this, as if you even had 1 char in this SQL it will fall over.
I'm from Newcastle, I already spell "same" as "seym".
All languages 24 characters?
Arabic is pretty strictly phonetic and it has 28. For example ع is normally transliterated as a' and pronounced like trying to say a very short "a" while strangling oneself, so that is missed alone. There are at least four different versions of "a" that I can think of; S, D and T have two forms, and there are several types of "h", only two of which are captured. God alone knows what would have to languages even less related to the Indo-European group.
It is, however, a good way of converting English so it looks like it was written by a Russian using a Dutch dictionary.