|
The used * are yours, not his
M.D.V.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Did you try:
1. HTML entities, like *
2. ASCII/Unicode in hex/octal \x2a \u002a \052
Some of those might sneak through.
Just a thought from someone who knows nothing of your environment.
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
In MySQL or MariaDB, most values of INPUT starting with an exclamation mark will cause a syntax error IF there is no space between your opening comment tag and INPUT, e.g.:
SELECT * FROM test WHERE id= 100
However it's also possible to inject valid SQL that way:
SELECT * FROM test WHERE ID= 100
This query returns all rows in the table. See MySQL ref: Comments. The idea is that you can then write SQL that works across DBMS, by including code that is only "seen" by MySQL.
You can also include query optimiser hints using a similar /*+ hint */ syntax, so you could probably break your query by starting INPUT with a plus sign as well, again only provided there's no space after the opening asterisk.
And yes, this is definitely too much of a programming question to be in the Lounge!
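An added example, not part of the post above: a Python sketch of wrapping untrusted text in a block comment so that MySQL/MariaDB treats it as a plain comment rather than as `/*! ... */` executable code or a `/*+ ... */` hint. The function names and the sample inputs are hypothetical and constructed for illustration.

```python
import re

# Zero-width positions between "*" and "/" (either order): the only places
# where a terminator "*/" or a nested opener "/*" can exist inside the text.
_DELIM_GAP = re.compile(r"(?<=\*)(?=/)|(?<=/)(?=\*)")
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def inert_comment(text: str) -> str:
    """Wrap untrusted text as a block comment that stays a plain comment."""
    text = _CONTROL.sub(" ", text)    # keep the comment on one line
    text = _DELIM_GAP.sub(" ", text)  # "*/" -> "* /", "/*" -> "/ *"
    # The space after "/*" keeps a leading "!" or "+" from forming
    # "/*!" (executable comment) or "/*+" (optimizer hint).
    return "/* " + text + " */"


def naive_comment(text: str) -> str:
    """The risky pattern from the thread: INPUT directly after the opener."""
    return "/*" + text + "*/"


def comment_kind(comment: str) -> str:
    """Classify a block comment by the character right after '/*'."""
    if len(comment) < 4 or not (comment.startswith("/*") and comment.endswith("*/")):
        raise ValueError("not a block comment")
    marker = comment[2:3]
    if marker == "!":
        return "executable"      # body is parsed as SQL by MySQL/MariaDB
    if marker == "+":
        return "optimizer-hint"  # body is parsed as optimizer hints
    return "plain"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    for sample in ["order-list", "!x", "+x", "a*/b", "/*/"]:
        naive = comment_kind(naive_comment(sample))
        print(f"{sample!r:14} naive={naive:15} safe={inert_comment(sample)}")
```

Values that belong in the query itself still go through bound parameters; this helper only covers free text placed inside a comment, such as a query tag.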
|
Won't a semi-colon (;) cause that comment to end?
|
Message Closed
modified 5-Apr-21 21:01pm.
|
And what the f... is the difference between this and the post just below?
@chris-maunder can you answer that?
[Edit]
No need to answer, also the above one is closed
Pay attention to the 'body guards' of this forum
modified 5-Apr-21 21:01pm.
|
Are you arguing with yourself?
|
Looks like
modified 5-Apr-21 21:01pm.
|
Sorry for interrupting. Carry on.
|
Whenever I see message closed, I always wonder what was there, spam most likely, dodgy web links, the mind boggles, having come across some before they stomped they are not very interesting but...
|
if (condition)
{
return;
}
else
{
}
cheers
Chris Maunder
|
if (condition)
{
return;
}
what about this annoys you?
|
Your rewrite is how it should be done.
Now get off my lawn.
cheers
Chris Maunder
|
Is snot.
if ( !condition )
{
}
return ;
|
I believe to be totally proper it should be;
if ( !condition )
{
return;
}
return ;
|
If I had a lawn...
|
What is the value of the redundant return statement inside the braces?
One of my first jobs was processing in a 16K space, and the data was 12K per record. We coded very concisely as we had no room for extraneous code. Today's compilers are far more efficient, but making the processing straightforward and eliminating redundant code is still a good idea.
|
I'm retired but I work a lot with embedded systems that have small memory spaces so every byte counts.
The redundant return statements were a joke...to see how screwed up we could make it!
|
Mike, you're not even close to how screwed up someone could make this!
I worked with a guy who was intent on covering EVERY possibility. His program executed 700 lines of code when tabbing between fields. If anyone actually clicked something, it got ugly ....
|
I've no doubt that it could be more screwed up and I've seen it when I was getting paid to program.
I wonder how some people get into the field and even more how they stay.
|
Yeah, the lack of ability in some cases is amazing, and not in a good way.
My boss tells a story of a former employee who made cut-n-paste an art form. Modern art form. This person appears to have never written a line of code -- everything was copied from other programs and web sites, and this person could not understand why the program would not work.
In another situation I taught a COBOL programmer with 5 years' experience how to program. I am not a COBOL programmer and have never compiled a single line. This is not picking on COBOL -- this guy did not understand program flow. OTOH, he was fantastic at phone support, which is where he should have been.
|
My first developer job at Microsoft required me to analyze code written by a 'developer' who got promoted so is no longer available. I and another dev spent hours analyzing this C language mess. Finally, after hours of analysis, we traced deep enough to get to the root of what the code was doing. Result? It returned the number 1.
Yup, that is all the entire 20K lines of code did. The reason it never worked? The array this was used to dereference only had 1 element.
Sheesh.
|