Comment Re:You shouldn't. Nobody should. (Score 1) 240

Of course it's error-prone, but how else can you avoid SQL injection in any language?

Most languages support prepared statements that properly handle strings for you. Take a look at the python API for databases (this is sqlite3, but other dbs use the same system).

Straight from that page:

t = (symbol,)
c.execute('SELECT * FROM stocks WHERE symbol=?', t)  # the value is bound to the ? placeholder by the driver; it is never spliced into the SQL text

Notice the lack of escape_my_strings_no_really_please_this_is_the_right_method("string");. Clean, huh? People still using sprintf() or string concatenation for this sort of thing after all these years reap what they sow.

As for your post below:

Even if SQL wasn't an issue, you still have to sanitize other things like shell commands.

The fact that you're even contemplating running shell commands based on user input is pretty much damning in my opinion.

I guess you're the type of person they sell those SQL-injection-protection proxies to.
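Added example, written for this page and not taken from the comment above or from the Python docs it links to: the concatenated query beside the parameterized one, run against a constructed in-memory sqlite3 table, plus the same idea applied to the shell-command point (an argument list passed to subprocess.run instead of a shell string). The table contents, the attacker strings and the helper names are all made up for the demonstration.

```python
import shlex
import sqlite3
import subprocess
import sys


def make_db():
    """Constructed sample data (not from the page): a small in-memory stocks table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE stocks (date TEXT, trans TEXT, symbol TEXT, qty REAL, price REAL)"
    )
    conn.executemany(
        "INSERT INTO stocks VALUES (?, ?, ?, ?, ?)",
        [
            ("2006-01-05", "BUY", "RHAT", 100, 35.14),
            ("2006-03-28", "BUY", "IBM", 1000, 45.0),
            ("2006-04-06", "SELL", "IBM", 500, 53.0),
        ],
    )
    return conn


def lookup_concat(conn, symbol):
    """Injectable: the caller's string becomes part of the SQL text."""
    sql = "SELECT symbol, qty FROM stocks WHERE symbol='" + symbol + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, symbol):
    """Prepared statement: the value is bound to the ? placeholder and is
    never parsed as SQL, so quotes and keywords inside it stay inert data."""
    return conn.execute(
        "SELECT symbol, qty FROM stocks WHERE symbol=?", (symbol,)
    ).fetchall()


def echo_argv(user_input):
    """Run a child process on user input without going through a shell.

    The child is the Python interpreter itself (so nothing else needs to be
    installed); it simply prints argv[1] back. Because the command is an
    argument list and shell=True is not set, ';', '|', '$(...)' and friends
    in user_input are one argv entry, not shell syntax.
    """
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", user_input],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.rstrip("\n")


def render_for_log(argv):
    """If a command line must be shown as a string (logs, audit trail),
    shlex.quote each argument rather than joining raw strings; shlex.split
    of the result gives the original argv back."""
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"  # constructed attacker input
    print(lookup_concat(db, hostile))  # all three rows come back
    print(lookup_param(db, hostile))  # []: no symbol is literally "' OR '1'='1"
    schema_probe = "x' UNION SELECT name, sql FROM sqlite_master--"
    print(lookup_concat(db, schema_probe))  # leaks the CREATE TABLE statement
    print(lookup_param(db, schema_probe))  # []
    print(echo_argv("x; rm -rf /"))  # printed back verbatim, nothing executed
    print(render_for_log(["wc", "-l", "x; rm -rf /"]))
```

On benign input both lookups return the same rows; the difference only shows when the input carries a quote or a keyword, which is exactly when it matters. Note that sqlite3's execute() refuses stacked statements, so the "; DROP TABLE" style payload fails there anyway, but the UNION probe above works against the concatenated form and the parameterized form shrugs it off.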

Comment Jumping the shark (Score 3, Interesting) 339

Dear slashdot editors and admins,
Please google the term "Jumping the shark". It is a concept you might want to familiarize yourself with. Oh hell, I'll just link it for you, since using google might be too geeky. Note that it doesn't necessarily involve actual sharks (nor any laser attachments to said sharks).

Lose touch much with your core demographic lately?

Comment nine million people (Score 3, Insightful) 118

It also features Dear Deidre defending the topless model on Page 3 of her own newspaper saying "the Editor of The Sun thinks it's okay" and "nine million people read it".

Well, gee, this internet thing is small-time compared to those numbers. It's a pity cable modems don't burn as well as books or newspapers; we could do with a good old-fashioned book burning, especially with those oil prices... Oh well...

Comment Re:Is this a joke? (Score 3, Informative) 146

The fact that this is modded Insightful makes it that much better.

I guess it's time for me to fetch that cup of coffee and test my theory. ;)

In all honesty, I think it's okay to fail every now and then when testing and experimenting with things. We learn mostly by doing, and the most valuable experiences are always the ones where we fail and learned something in the process. There are scenarios where failure is not an option, and at those times it's for the best to have the experience of knowing what won't work. The thing is, it's part of the "creative/innovative process", and I don't believe your employer should pay special attention to it other than giving you the opportunity to do so every now and then where it doesn't really impact anything critical.

The whole sharepoint thing seems like one of those management decisions in a company where "innovation" has become a buzzword. A few months ago I attended a meeting where management had suggested that we should make room for innovative projects. They decided that people were free to come up with ideas and suggest them to management, providing there would be an acceptable planning and feasibility study, etc etc. Sounds like common sense right?

The whole thing got bogged down in red tape of course. The few ideas that bubbled up in "creativity workshops" have become so twisted and bloated in scope that they would require several man-years to achieve, which is impossible on the shoestring budget they set aside for it. I'm not lamenting the whole budget thing, nor the fact that management kind of wants to track the process itself, it's just the way they're doing it.

They've got the sharepoint thing, and they've added tons of overhead, including documenting and reporting your progress in a fashion that would make bureaucrats roll their eyes (similar to ECSS standards for those familiar, which is way overkill for the whole thing anyway). For every hour you're spending on trying something you're faced with at least an hour of paperwork. So most people who had this small interesting idea, are now saddled with a full blown project that exceeds the scope of "scratching an itch" and working from there, up to a point where it's interfering with actually getting stuff done.

So the end result will most likely be (fairly costly) failure. It's more than okay to shoot yourself in the foot sometimes when trying out something in an environment where you can't do any harm. But people are going to be far less inclined to pull the trigger if everyone sees it giving opportunity for people to use it against you with an extremely well documented failure. I hope that explains why my previous post was rather cynical.

I personally tend to experiment a lot in the early stages of projects where we are considering various solutions to a problem. And I do so most of the time by breaking the stuff I've built several times, fixing it and in the end picking the solution I feel most confident with. While I'm experimenting I just take short notes, instead of documenting everything. Fully document the solution you pick and the reasons why you feel it's the best solution, not the minute details of the process of experimenting itself. So far that approach has worked for me and I don't think adding more oversight or overhead to that initial process contributes anything useful.

Comment Re:Is this a joke? (Score 4, Insightful) 146

I'm supposed to be motivated by a mention on a sharepoint site?

Hey, it takes hard work to get into the Hall Of Shame page on the company sharepoint. Not only do you need to shoot yourself in the foot, but you need to do so in public for everyone to see.

That moment you go for a cup of coffee and all the people around the watercooler stop talking, that's the moment you know they've seen the Hall Of Shame page. You should bask in the glory of your achievement at that moment.

Comment Meh (Score 4, Interesting) 263

Some of the videos just haven't gelled, to put it lightly

You mean the slashvertisements? Yeah, those are terrible. I understand that you guys want to generate additional revenue from the site, but really you've been pushing the boundaries of what some of your audience will consider an appropriate story.

You've got a mostly technically inclined audience, and trying to sell them a "database proxy" that prevents SQL Injections will pretty much put off anyone who's done serious work in that area. You're not exactly catering to the easiest audience, but you managed to do so for the most part in the past 10 years. If you suddenly forgot how to pander to your audience, I really think you should have a look at your community and its roots and see where exactly you've lost touch.

We're also planning to start finding and documenting some creative means of destruction for naughty hardware

No, please... We've got the Will It Blend guy pimping his blenders, the Will It Fry guys with their tesla coils, and more than enough kids with fireworks or hammers on YouTube. Do something neat, something geeky. Do something that makes me go "Oh cool, I want to build one too" and grab my soldering iron or favourite editor. Don't build a "death ray" out of a giant magnifying glass (remember that horrible story?) and burn yet another iPhone/iPod. It's been done to death, and is extremely not geeky.

Comment Re:Autism is bullshit (Score 4, Interesting) 398

Perhaps he believes Autism is made up. It is likely psychological diseases are over diagnosed.

I think it's very likely that certain autism spectrum disorders are overdiagnosed, most commonly Asperger's syndrome. It's like it is the latest trend in psychology to classify introverted, intelligent people as having Asperger's syndrome. I've come across more than a few people who function quite well in social scenarios that have been labeled as having Asperger's where I seriously want to ask the question "Isn't (s)he just shy or introverted?".

The only person I was quite convinced had Asperger's was a man who really showed problems interacting in social scenarios. He wasn't a bad person, but he would sometimes make remarks that were inappropriate to the situation or the mood. He would often come off as rude and arrogant, insult people without realizing it, obsess over small details and maintained a very strict schedule that was nearly mechanical. I know that this sounds a bit condescending towards the person, since the above factors alone don't necessarily give you Asperger's; after all he could just be a rude person who overly focused on the details, but if you worked with him for a couple of days you would get this feeling that something was slightly off.

I believe that in many cases people who go take an ASD test do so convinced that they've got Asperger's and will answer questions to skew the results in favor of what they were expecting. Any person intelligent enough can fairly easily subvert standardized psychological testing, and the people typically wondering about Asperger's syndrome are introverted, intelligent people. As a part of a discussion about this topic I've done the first diagnostic tests myself twice, once normally and once with the intention of being diagnosed as having Asperger's, and it's needless to say that I got the results I was expecting in both cases. I think we have a lot more hypochondriacs than we have people with Asperger's Syndrome, and the initial diagnostic tests (often found online, by the way) play into that by having people visit psychologists at least 3 times to do an extensive test. The extensive testing here consists of a standardized series of questions (which are often the same questions worded differently for verification purposes), a logical test (including once again the Tower of Hanoi problem, which every programmer is familiar with) and another test, but I forgot what the third part was, each in a separate session, followed by a session where the psychologist tells you the results. That's 4 visits guaranteed for everyone who takes the introduction test and manages to score high enough and become worried.

I also believe that it currently is a trend among psychologists to overdiagnose relatively harmless conditions such as Asperger's Syndrome and ADHD. The sale of Ritalin (for treatment of ADHD) has gone through the roof in the past 10 years here, with students starting a black market in schools because the drug supposedly helps you study better during exams. Many parents with kids that are underperforming in school take their children to psychologists expecting an answer along the lines of a psychological disorder instead of asking themselves the question of whether their child would rather study something different. After all, some people just don't care about Latin or math, so it's no wonder they perform badly when their parents force them in that direction because of their own desires.

It's become all too common to hear people say "Well, he's not performing well in school, but it's because of ADHD", while he's been sitting there real quietly reading a comic book in the background for the past 20 minutes. It just reeks of "I pushed my kid in the wrong direction, and now I don't want to admit it, so I get a psychologist who told me it wasn't my fault. If he pops these pills he'll be fine."

Having said that, I don't want to downplay Asperger's Syndrome (or ADHD) or the standardized testing for it. I've certainly come across people who definitely fit the description, and the tests themselves are fine if people answer them truthfully. I wouldn't be surprised if the number of cases of Asperger's Syndrome is higher than one would expect, but I do think that the number of diagnoses is far too high at the moment due to the reasons stated above.

We have a pharmaceutical industry deeply tied to deciding what constitutes the need for medication.

This is the sentence that brought me to ADHD, since it's become a bit of a short news item here several times how the sale of Ritalin has risen to massive proportions, and an in-depth documentary showed that many schools have a Ritalin black market organized by students. The pharmaceutical industry has nothing to lose when mild disorders like this are overdiagnosed; in fact it helps their bottom line. However, I wouldn't go as far as insinuating something. I'd rather assume that the overdiagnosis is due to "popularity" and the pharmaceutical industry is all too happy about it, until real irregularities start showing up.

Our environment has changed and it would be rather odd if it had no effect on us.

I think that a lot of the ADHD cases are due to the fact that we've got constant streams of information being shoved in our faces today. It's hard to stay focussed on one subject when in your pocket there's a device that's constantly interrupting you with text messages, phone calls, tweets, Facebook updates, and various other notifications. We're in a world full of these stimuli and it's becoming increasingly hard for most people to focus on a single thing and drop that cellphone or close that web browser for a while. I've noticed in company meetings lately that many people are using their cellphones at intervals of 5 minutes, either to look something up or quickly check their mail, etc. While this could be considered the recent equivalent of doodling on the minutes of a meeting, this is something that completely grabs the attention away from the points of discussion (causing longer and less productive meetings, which I vehemently hate).

Mankind (or at least "men", according to some articles) is not made for multitasking, yet somehow our environment is constantly grabbing our attention trying to get us to multitask. We either need to train ourselves to deal better with all the information being thrown at us constantly (deal with it in manageable chunks, rather than 10-second interruptions) or we're going to have to quickly learn how to efficiently multitask (which I doubt is possible).

And then we haven't even dealt with chemicals and other environmental properties that have various effects on us and our offspring.

Comment Re:Only if it works both ways! (Score 1) 200

It rather reminds me of that Belgian newspaper that brought suit against Google to stop linking to any of their pages... and complained when Google did that and their traffic dropped through the floor.

If I remember correctly the lawsuit was not about linking, it was about the use of their content on Google News. However, the court ordered ALL content to be removed, and Google complied with exactly that. But it was a wonderful case of biting the hand that feeds.

Comment Re:Anonymous (Score 1) 355

"Anonymous" has a whole history of legal public protest (https://whyweprotest.net/anonymous-scientology/ , http://en.wikipedia.org/wiki/Project_Chanology) prior to any yarns about 4chan,

Before the whole Scientology thing there were plenty of people on 4chan busy with hacking, they just didn't style themselves as "Anonymous". It's the Scientology protests which started the whole "Anonymous is legion" thing. Their offline activities before that were mostly benign flashmobs dressed up in various types of topical (for 4chan at least) getup and in far smaller numbers, simply "for the lulz".

You can argue about "Anonymous predating 4chan" as much as you like, but the culture of the collective is drenched in the memes and culture of that site and has been since its inception. This however doesn't mean that they are exclusive to 4chan, just that if you go back in time you'll find the roots of the collective there. Note that I'm not saying that all of 4chan is the collective "Anonymous", as the opinions on the group there are divided.

handful of geniuses and legion of idiots or any other ludicrous mass media distortions.

The word "geniuses" is clearly oversensational, but I would say that the analogy is mostly apt. What better way to describe a few kids smart enough not to get caught (YMMV, see LulzSec) while egging on other kids voluntarily running DoS tools on their computers? It's mob mentality on the internet, nothing more and nothing less. Hell, if you gather enough of the "legion of idiots" in a room you'll get the same mentality, which is why 4chan is no longer welcome at conventions.

Whether it's a dead tree work by a short run minor publisher and a desperate author or a web site eventually you just start to ignore them as pointless.

I find it amusing that in this day and age people (especially journalists) still don't "get" how online communities work. Take real-world behavior, add a layer of "anonymity", et voila: instant Greater Internet Fuckwad Theory, to a certain extent. Sure, not every online community is like this, but if it is convinced it can act with impunity you will get the exact same phenomenon as "Anonymous" eventually.

No need to show footage of a van exploding, no terrorist cells, just people being dicks.

The only thing that should ever be challenged is government investigative agents seeking to gain promotion by destroying the lives of unskilled teenagers with claims of terrorism and threats to vital infrastructure with the hoodoo of "Anonymous".

I agree that the reaction to this whole thing is blown out of proportion, but the reaction to most things seems blown out of proportion these days. While I don't think that just being a dick warrants punishment, there are obvious cases where the law can step in: harassment phone calls (often including death threats), participating in DDoS attacks, actually hacking servers, etc... I think that the justice system should use common sense in its approach to the lesser things (e.g. community service), and for the more egregious offenses a more severe punishment. But letting it slide just because they are "unskilled teenagers" is simply silly, because the last thing these unskilled kids need is confirmation that they can actually do these things with impunity.

I refuse to believe that the average 15 year old downloading LOIC doesn't stop to think about what they're doing and make a moral choice. But I also refuse to believe that we should punish them beyond a (albeit serious) slap on the wrist.

Comment Re:The Tetris Company (Score 1) 215

How long until The Tetris Company fires its next round of takedowns?

They'll start once the lawyers stop salivating over the license included with the JavaScript.

They're seeing dollar signs already.
