← Back to context

Comment by sparrish

6 years ago

This is funny. I wonder what would happen if you could put a 'NOT ' in front of your plate number... would everyone but you get a ticket?

24 comments

sparrish

Reply
dhosek  6 years ago

Nah, because it's not unsanitized SQL at fault, but people writing a literal NULL in the license plate field when there isn't one.

  • jerf  6 years ago

    I doubt that. Normal people do not tend to use the word NULL at all.

    What this usually is is the result of systems that talk to systems that talk to systems that talk to systems, all in different legacy formats never written to be interchange formats. One system has true SQL NULLs, the next system down the chain only accepts strings for that field, NULL gets written as the most sensible string, and then from that point on all downstream systems can't tell the difference between the original system having had an SQL NULL or having had the string NULL.

    • slips  6 years ago

      Did you read the article? It literally says people at a private citation outfit put NULL in the license plate field when there is no number available.

      4 replies →

  • hn_throwaway_99  6 years ago

    Actually, I think it's doubtful the folks at the private processing facility are actually writing 'NULL', but my guess is the DB field is just not set (i.e. left as NULL), and then when the info is read out somewhere it's just printed as the string literal value.

  • mikehollinger  6 years ago

    A colleague’s name is “True.” When we ran some reports to generate a check in list for an event - it was converted to either “TRUE” or “1” depending on the script.

    I was amused.

    Even without sql doing odd things certain strings will just cause problems.

  • baybal2  6 years ago

    I wonder, what will "DROP *;" license plate do?