use %20 randomly for fun
Submitted 1 week ago by ivanafterall@lemmy.world to programmer_humor@programming.dev
https://lemmy.world/pictrs/image/bb41cd42-c0d1-4c55-9a9e-d4f7b6633c21.jpeg
Comments
cupcakezealot@piefed.blahaj.zone 1 week ago
GreenKnight23@lemmy.world 1 week ago
my favorite thing to do is go to small town websites and look at the page source for their forms. 70% of the time they have inputs commented out to “disable” forms or just deprecated functionality.
I like to uncomment them and submit the forms just to fuck with them 🤣
python@lemmy.world 1 week ago
I was applying to a job recently, and their online form had an “Upload your documents here” field. Problem was, the input was set to only accept a single file. Well, I wanted to upload two, so I just went into the html and added “multiple” to the input. Which just worked, I even checked the network tab to confirm that both files were submitted.
Haven’t heard back from that company yet. It was a web dev position so I hope they appreciate my hijinks 🤞
perviouslyiner@lemmy.world 1 week ago
Always include a % in your song titles to crash car music player software that uses sprintf. (h/t to Dave P)
coolansplanet@lemmy.today 1 week ago
ooh, so it was you then!! 😠
Enkrod@feddit.org 1 week ago
Allow me to make one thing perfectly clear: If you insert those symbols into my perfectly working website… only to mess with me and inadvertently give me vietnam-style flashbacks to the days when I had to deal with incredibly badly formed and misencoded CSV-files on the daily…
Then I will find you and break into your home to replace every second sock with one of the same color and pattern but slightly different make, size or material and you will always wonder why you can’t find any exactly fitting pairs of socks anymore.
ivanafterall@lemmy.world 1 week ago
I willingly embraced mismatched socks years ago. I just pretend it’s a fashion statement. Come at me bro.
vanillama@programming.dev 5 days ago
Don’t let the world change you, this is wonderful
captcha_incorrect@lemmy.world 1 week ago
I always buy identical socks, cannot mismatch if they are all the same.
NotMyOldRedditName@lemmy.world 1 week ago
I started buying all the same sock type, but some might have a little gray or a little brown in the variation, and I don’t care, I mix/match.
If one gets a hole it’s just one of many and is tossed.
Quexotic@infosec.pub 1 week ago
To the op of the screenshot meme, calm down satan
Kojichan@lemmy.world 1 week ago
Usually only happened when a French person copied and pasted their text directly from a Word document… dang weird spaces and accented characters… drove my boss mad when I told him it was because it was French, and not a glitch.
Still had to work around it… text counters in textboxes had to account for accented characters, which took two bytes instead of one.
“I only have 2000 letters!” … 2000 including 200 accent characters made it 2200 characters, not 2000.
Hudell@lemmy.dbzer0.com 1 week ago
I remember one day long ago when Notepad++ was the real shit, I was using the vertical selection feature and noticed that the selection was shorter on lines that had accented characters. I thought: “huh, accented characters count as two? What would happen if the selection ended in one? Can I select half a character?” no I could not and I had to restart my computer after trying.
Kojichan@lemmy.world 1 week ago
I loved Notepad++.
Started in DOS with Edit, regular notepad, got introduced to UltraEdit, then found NP++.
… lol. Sounds like you tried splitting an atom.
calcopiritus@lemmy.world 1 week ago
Easy. Just use utf-32 and make the text field a maximum of 500 letters. That will be a maximum of 2000 bytes, doesn’t matter if the user is french or Chinese.
Kojichan@lemmy.world 1 week ago
XD ahahah.
AnUnusualRelic@lemmy.world 1 week ago
“I only have 2000 letters!” … 2000 including 200 accent characters made it 2200 characters, not 2000.
Or, you could count it in Unicode characters, and not in whatever bizarro charset you’re using over there. Then “À” is one character, just as it’s supposed to be.
The problem typically comes from improper conversion between charsets. Like Windows-1252 to Unicode, or something equally horrible.
Kojichan@lemmy.world 1 week ago
I was basically calculating in JavaScript then in PHP for validation before I sent it to Zoho.
The DB also was fine. It was honestly just PHP and Javascript. It’s all good now though!
calcopiritus@lemmy.world 1 week ago
Not if the maximum is due to the database being configured to have a maximum space of 2000 bytes for that field.
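The byte-versus-character mismatch discussed in this sub-thread, as an added example that is not part of any comment: a counter that reports both what the user sees (Unicode characters) and what a byte-limited column stores, plus a cut that never splits a multi-byte character. The names `utf8_count`, `utf8_measure` and `utf8_fit` and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef struct {
    size_t bytes;       /* storage size in UTF-8, what a byte-limited column sees */
    size_t codepoints;  /* Unicode characters, what the user calls "letters" */
    int    valid;       /* 0 if the lead/continuation byte structure is broken */
} utf8_count;

/* Sequence length announced by lead byte b, or 0 if b cannot start one. */
static size_t utf8_seq_len(unsigned char b) {
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;
}

/* Structural check only: it does not reject surrogates or every overlong form. */
utf8_count utf8_measure(const char *s) {
    utf8_count r = {0, 0, 1};
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        size_t n = utf8_seq_len(*p);
        if (n == 0) { r.valid = 0; return r; }
        for (size_t i = 1; i < n; i++)  /* a NUL fails this test, so no overread */
            if ((p[i] & 0xC0) != 0x80) { r.valid = 0; return r; }
        p += n; r.bytes += n; r.codepoints++;
    }
    return r;
}

/* Longest prefix of valid UTF-8 s, in bytes, that fits max_bytes on a character boundary. */
size_t utf8_fit(const char *s, size_t max_bytes) {
    size_t cut = strlen(s);
    if (cut <= max_bytes) return cut;
    cut = max_bytes;
    while (cut > 0 && ((unsigned char)s[cut] & 0xC0) == 0x80) cut--;
    return cut;
}

int main(void) {
    const char *sample = "d\xC3\xA9j\xC3\xA0 vu";  /* constructed input */
    utf8_count c = utf8_measure(sample);
    printf("%zu bytes, %zu characters, fits 2 bytes: %zu\n",
           c.bytes, c.codepoints, utf8_fit(sample, 2));
    return 0;
}
```

A raw Windows-1252 byte such as 0xE9 fails the structural check, which is the charset-conversion case mentioned above.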
Ucarenya@lemmy.zip 1 week ago
How to make your code look ‘modern’ 101
diabetic_porcupine@lemmy.world 1 week ago
mlg@lemmy.world 1 week ago
I remember feeling extra powerful when Moonshell for the DS shipped with UTF-8 and UTF-16 support because the developer was Japanese and wanted to make sure any language would work.
Jakylla@jlai.lu [bot] 1 week ago
□□□□□□□□ !!
LovableSidekick@lemmy.world 1 week ago
Former dev here, can confirm on occasion it does.
_stranger_@lemmy.world 1 week ago
Allow me to introduce you to my favorite Unicode character, the zero width space
Opisek@piefed.blahaj.zone 1 week ago
Unfortunately, evil people blacklist this character a lot :(
May I introduce you to my favorite Unicode character, the Braille zero dots
captcha_incorrect@lemmy.world 1 week ago
Here is the big list of naughty strings.
lalala@lemmy.world 1 week ago
What kind of devil came up with this?
Strawberry@lemmy.blahaj.zone 1 week ago
The justification is on the linked page
blah3166@piefed.social 1 week ago
that sounds awesome! (there’s 10k zero width spaces between the quotes ->’’.)
Whelks_chance@lemmy.world 1 week ago
Odd, on the Connect app it shows a bunch of spaces, but not 10k of them.
solxix@pawb.social 1 week ago
On Interstellar it shows up as normal spaces for me so there’s just a giant block of empty space
_stranger_@lemmy.world 1 week ago
flint@lemmy.zip 1 week ago
Pika@sh.itjust.works 1 week ago
Ok calm down there Satan. Leave some chaos for the rest of us 😅
ValiantDust@feddit.org 1 week ago
Unless they work for Microsoft. Teams has been showing � instead of ä for the caller’s name in the popup when someone calls for several weeks now. It didn’t use to do that before. I don’t think they care anymore.
ChickenLadyLovesLife@lemmy.world 1 week ago
I don’t think it’s even “they” any more.
elvith@feddit.org 1 week ago
I � Unicode!
FreshLight@sh.itjust.works 1 week ago
I like this very much! It implies that the person expressing this knows exactly how they feel about Unicode. It’s just us, the readers (or some other link in the chain), who have/ has the wrong encoding.
davidagain@lemmy.world 1 week ago
You monster!
oopsgodisdeadmybad@lemmy.zip 1 week ago
Can this really not be fixed?
I still see this in various text that’s meant to be readable.
Usually ampersands are the biggest culprit, but is it just a really sacred data type that can’t be upgraded to include punctuation, but can include the foreign looking wingdings that try to stand in for it?
I’m just confused on why those characters have multi character reference names that aren’t part of the regular alphabet or punctuation set either, but those still show up instead of having room to just remove the erroneous reference with the actual character.
It’s 2026, just dig out this fossil and fix it already.
Hudell@lemmy.dbzer0.com 1 week ago
The characters are all in your own pc. The text data is actually just numbers, referencing the index of each character in a reference table.
Early on someone thought “let’s create a bunch of different reference tables and each country uses the one that is best for them so we don’t have to include every character in the world”.
But that thinking has a critical problem: when you write some text that will only be read within the country, you don’t need to keep track of which table you used because everyone will be using the same. Soon you forget that there are other tables for other countries so when you do send an international text using your table as a reference, the person on the other side will be parsing it using their own table and the resulting text will be different. And sometimes when this mixup happens, the index referenced by the text in the other table may actually be some internal control character that is not meant for rendering.
These days the problem is “mostly fixed” by the near-universal adoption of a single reference table that proposes including everything you may ever need (even a lot of emojis) - but this large table means that each character in a text may need more digits to represent the intended index so the total file size for the same text is larger than it would be with the non-universal table.
oopsgodisdeadmybad@lemmy.zip 1 week ago
Exactly. My point is to move to a single universal standard that is used by literally everything so this never happens. Just cut off everything that can’t be updated, and it can just sink or swim based on how well it can parse the new table.
Fuck all that ancient non-updateable shit. There’s no good reason that old table still exists, much less be possible to use this side of 2000.
Obviously this has legacy problems, but fuck those systems, everyone gotta get new shit now, tough shit. The old table should be cause for new shit to fail compiling in the first place. Shouldn’t be possible to use it.
Let’s just make forward progress, and lose the chains.
dohpaz42@lemmy.world 1 week ago
It’s 2026, just dig out this fossil and fix it already.
That’s the joke. 😅
funkless_eck@sh.itjust.works 1 week ago
the wrong UTF encoding is usually the issue
ODuffer@lemmy.world 1 week ago
▞☒ę
gruvn@sh.itjust.works 1 week ago
Pretty sure that’s illegal here.
NoSpotOfGround@lemmy.world 1 week ago
Not always, but most times, yeah.
9point6@lemmy.world 1 week ago
Actual monster
Kenny2999@lemmy.world 1 week ago
RobertTableaux@programming.dev 1 week ago
My day has come!!!
deadbeef79000@lemmy.nz 1 week ago
Don’t sanitise inputs. Reject non-conforming inputs entirely.
But otherwise: yes.
nonagonOrc@lemmy.world 1 week ago
No fuck both of those, just use prepared statements so user input can’t be interpreted as SQL.
Valmond@lemmy.dbzer0.com 1 week ago
And end up having loads of valid requests rejected 😁
akunohana@piefed.blahaj.zone 1 week ago
How would you do this in C? I’m a beginner. Does it entail checking/disallowing certain characters and data types? What? 😃
copacetic@discuss.tchncs.de 1 week ago
If you use the SQLite C API like this
```c
char query[256];
char *err_msg = NULL;
/* Vulnerable: username is pasted into the SQL text itself. */
snprintf(query, sizeof(query), "SELECT * FROM users WHERE username = '%s'", username);
int rc = sqlite3_exec(db, query, NULL, NULL, &err_msg);
```
and someone enters
Robert'; DROP Table Students;-- as username, it deletes the table Students.
```c
sqlite3_stmt *stmt;
const char *sql = "SELECT * FROM users WHERE username = ?";
int rc = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
if (rc != SQLITE_OK) {
    fprintf(stderr, "Failed to prepare statement\n");
    return;
}
/* The value is bound as data and is never parsed as SQL. */
sqlite3_bind_text(stmt, 1, username, -1, SQLITE_STATIC);
```
Using this “prepared statement” and “bind”, your code is secured against such SQL injection attacks.
LovableSidekick@lemmy.world 1 week ago
You wouldn’t - what they’re describing is called “SQL injection” - a way to fool poorly written web server code (regardless of what language it’s written in) into executing SQL code. The poorly written server code takes what’s entered in a form field on a web page and pastes it into a skeleton of a SQL statement - in this case the text in the input field is SQL that ends the intended statement, followed by a new statement that deletes a table. For this to even work, the SQL skeleton on the server would have to be structured in just the right way so the modified version with the pasted-in text still makes sense. For this reason, hackers attempting SQL injection usually have to do a lot of trial and error to get something to happen. The only way it can work at all is if the server software handling the web page sends SQL commands to a database server as text, as if they’re being typed in, and the server executes them. You can’t inject C in this way because unlike SQL, C code isn’t just executed, C programs have to be precompiled.
jaybone@lemmy.zip 1 week ago
Many languages like C, Java, Python, etc allow you to construct SQL queries or SQL statements, where SQL is its own language used to communicate with a database, like Oracle or MySql, or Postgres or MSSQL. One way to do this is to construct a string in your language using whatever string functions, concatenation etc available in your language. The problem occurs because usually you want some kind of user input as one of the parameters in your sql query, in order to fetch the correct records the user is asking for. Like say a record ID or name. If you do not properly sanitize that ID or name which originally comes from some type of user input, then a malicious user could carefully craft an ID or name which includes their own SQL and other special characters, which will interfere with the query you intended to construct, and instead do something malicious. Like delete records or obtain records the user is not supposed to have access to.
There are many ways to guard against this, and you should learn about this when you start working with SQL and databases. It’s called a SQL injection.
There is another type of code injection which can occur if you are making exec() calls (or whatever your language uses) to run shell commands. Similar caution should be taken there.
vrek@programming.dev 1 week ago
How do you sanitize your inputs or how do you exploit inputs which are not sanitized?
Klear@piefed.world 1 week ago
I see little Bobby Tables is all grown up
Valmond@lemmy.dbzer0.com 1 week ago
He’s taking painting classes. Let’s see if the database there can handle him!
Rhaedas@fedia.io 1 week ago
Depends on if it breaks the form and they get called. Actually if it gets through they might rightfully question their sanitation coding.
zqwzzle@lemmy.ca 1 week ago
[object Object]
inari@piefed.zip 1 week ago
NaN
resipsaloquitur@lemmy.cafe 1 week ago
What? My mother was a saint!
panda_abyss@lemmy.ca 1 week ago
Yes?
Valmond@lemmy.dbzer0.com 1 week ago
Calm down satan 😅
fibojoly@sh.itjust.works 1 week ago
And I would be the one biting that bait hard because mojibake are like a pet peeve of mine.