A funny thing happened on the way to a quote...
Mon, Jul 25 2005 10:59
I am looking at buying a new laptop/tablet in the next month or so, and decided to start shopping around a little. At one particular site, I filled in my information expecting to get a written quote, when --BANG-- I caused a page error. The problem is, my address has a ' in it. The result was an attempted SQL code injection... Unbelievable. And what's worse, the site had errors turned on, so I got all the juicy information displayed to me. Bloody pathetic. This should NEVER happen!! Of course, the site was written in C#... probably just another homeless wannabe Elvis... Seriously, those kids just shouldn't play with "sharp" toys.
I did however talk to the "shop" owner on the phone this morning, and explained to him that his database was wide open. Hopefully whoever did their C# coding won't have to search the web to learn how to use parameters, but somehow I doubt it. It just amazes me how much crappy C# code I keep seeing lately. It's like these people don't understand Windows 101 programming or database 101 programming, etc., etc., etc. That's not to say there aren't good C# programmers out there, of course there are, but given the rapid growth of C# from nothing, it's pretty obvious you are going to get a lot of people with "zero" backgrounds all wanting to be Elvis... damn fashion languages, businesses can't afford that crap.
Oh, and did the "shop" get the order from me... Uhm, no way... if they can't secure my data they won't be getting my trade.
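
The apostrophe failure and the parameter fix mentioned above, as an added example that is not code from the original post or from the site it describes. It is sketched in Python with an in-memory SQLite database rather than the site's C# stack; the table, function names and sample address are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("quotes")  # hypothetical server-side logger

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE quote_requests (name TEXT, address TEXT)")
    return db

def save_concatenated(db, name, address):
    # The 'before': form text is pasted into the SQL string, so a quote
    # character in the data ends the string literal early.
    sql = ("INSERT INTO quote_requests (name, address) VALUES ('"
           + name + "', '" + address + "')")
    db.execute(sql)

def save_parameterized(db, name, address):
    # The fix: the statement text is constant and the values are bound
    # separately, so the driver never parses them as SQL.
    db.execute("INSERT INTO quote_requests (name, address) VALUES (?, ?)",
               (name, address))

def handle_quote_form(db, save, name, address):
    """Return the text shown to the visitor."""
    try:
        save(db, name, address)
        db.commit()
        return "Thanks, your quote is on its way."
    except sqlite3.Error:
        # Database detail goes to the server log, never into the page.
        log.exception("quote request failed")
        db.rollback()
        return "Sorry, something went wrong. Please try again later."

def stored_addresses(db):
    return [row[0] for row in db.execute("SELECT address FROM quote_requests")]

if __name__ == "__main__":
    address = "12 O'Connell Street"  # constructed sample input
    db = make_db()
    print(handle_quote_form(db, save_concatenated, "Pat", address))
    print(handle_quote_form(db, save_parameterized, "Pat", address))
    print(stored_addresses(db))
```

In C#, the same separation is what `SqlCommand` with `SqlParameter` provides.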