Admin
Not just French names either. Plenty of names like O'Connor in Ireland (and by extension, in the US where a lot of the Irish migrated).
Admin
The pedant in me really wants to point out that "D'Tables" is not a correct French contraction.
Admin
I remember introducing my brother - an amateur PHP web developer - to prepared statements. He was absolutely overjoyed. He always thought there was something a bit wrong with using string interpolation and finding out that there was a proper way to parameterise your queries was a revelation.
Admin
Disappointingly, Google translate tells me that the French for "SQL table" does not begin with a vowel.
Admin
As for the last one, just hope nobody ever sets ANSI_QUOTES in sql_options...
Admin
Error log, error log
Every morning you greet me
Gigabyte, full of sh*te
How I long to delete thee
Running so slow you just bloomin' grow
Bloomin' grow for ever
Error log, error log
Fill my disk up for ever
Admin
Sane solution: use prepared SQL statements, so the error log won't fill the disk stupidly, and as a bonus it fixes the cybersecurity.
Enterprisey solution: stop logging the errors, so the error log won't fill the disk stupidly.
Very enterprisey solution: don't touch the code, and get some intern slave to purge the error log every 24h instead.
Very very enterprisey solution: don't touch the code, and get some intern slave to purge the error log every 24h. Then realise the error log still grows too fast, so stop logging errors.
Very very very enterprisey solution: don't touch the code, and get some intern slave to purge the error log every 24h. Then realise the error log still grows too fast, so stop logging errors, but still tell the intern to continue purging the error log every day.
Ultimate enterprisey solution: Fire all the devs, and get some underqualified and underpaid sub-sub-sub-sub-sub-contractors from a poor country to deliver in 6 months a fix that'll actually make the problems twice as bad.
Admin
My only quibble is that you seem to have missed the interim stage where the intern slave purges the error log more often than 24h.
Or an automated task is generated to purge the log at the desired interval. Bonus points if the automation generates more errors.
Admin
Easy (bad) solution. Make a hard link from /dev/null to the log file location, no application knowledge required!
Admin
I think the enterprisey solution would be to install Splunk and write fancy rules to ignore this error. :-)
Admin
This is NOT Brillant! Love it!
Admin
And of course the automated task would take longer to do than just fixing the bug.
Admin
Pretty sure the automated task is written in a way that it doesn't actually find any errors to purge, because it fails to open the log, or opens the wrong file.
Admin
Kinda surprised there's not a "replace ' with ´" in there. Our homegrown customer data base mangling tool literally had to be extended every time somebody with a new accented letter came along. Fortunately, that is a quick job because there's no version control (unless you count index.pl_1996_04_13_new.bak_verynew_broken_try2), no merge request and no code review.
Admin
And then the intern writes a cron job that deletes the error logs every 24 hours, which someone fixes to be more enterprisey and replaces
rm -rf /db_log_files/*
with
log_file_dir = /db_log_files; rm -rf $log_files_dir/*
Addendum 2022-11-17 01:39:
(read the replacement line carefully!)
Admin
My bash-fu is insufficient to immediately see what the result will be, but anything involving 'rm' and '*' will immediately trigger a warning in my head.... :-)
Yazeran
Admin
Injection is still in the top 3 of the OWASP security vulnerabilities detected in the wild.
Recommendations like "input validation" are crude and silly: Robbert D'Tables -- pronounced with a silent T -- has a right to his full name! Recommendations like "escape first" are perfectly valid, yet those still haven't taken hold after decades of efforts.
Isn't it long overdue to just get rid of [initially: make it hard to use] text-based, external APIs that rely on an interpreter to determine the meaning of their input?
If that doesn't happen voluntarily, perhaps somebody needs to push. That wouldn't be without precedent. For example, Europe actually has a law that demands 2-factor authentication in certain circumstances. It aims to prevent problems that for a long time (up to just last year) used to be in the top 2 of OWASP.
Admin
Well, maybe. (And a hugely entertaining enterprisey summary.)
But actually the correct solution is to use a circular list as the basis for the error log. Allocate whatever memory hit you want to the log, and work with that. Error logs are not meant to be fundamental to the application or service, and they should not interfere with day-to-day operations.
How you do this is entirely platform dependent. But basically you set a limit to the number of entries and, once this limit is reached, you either overwrite the first entry or you delete it.
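An added example, not part of the thread: it puts the two fixes discussed above side by side, a parameterised insert (the "sane solution") and an error log capped as a circular list. Python's sqlite3 stands in for the database; the table, logger name, `RingLogHandler` class and sample names are constructed for illustration.

```python
import logging
import sqlite3
from collections import deque


class RingLogHandler(logging.Handler):
    """Keeps only the newest `capacity` entries; the oldest one is dropped."""

    def __init__(self, capacity):
        super().__init__()
        self.records = deque(maxlen=capacity)

    def emit(self, record):
        self.records.append(self.format(record))


log = logging.getLogger("customer_import")  # hypothetical logger name
log.propagate = False                       # keep output inside the ring only
ring = RingLogHandler(capacity=3)
log.addHandler(ring)

# Constructed sample input: ordinary names that contain an apostrophe.
NAMES = ["O'Connor", "D'Tables", "Smith", "O'Brien", "D'Arcy", "O'Neil"]


def insert_interpolated(db, name):
    # String interpolation: the apostrophe ends the SQL literal early.
    db.execute(f"INSERT INTO customers (name) VALUES ('{name}')")


def insert_prepared(db, name):
    # Parameterised: the value travels separately from the SQL text.
    db.execute("INSERT INTO customers (name) VALUES (?)", (name,))


def run(insert):
    """Insert every sample name; return (rows stored, retained log entries)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT)")
    ring.records.clear()
    for name in NAMES:
        try:
            insert(db, name)
        except sqlite3.Error as exc:
            log.error("insert failed for %r: %s", name, exc)
    stored = [row[0] for row in db.execute("SELECT name FROM customers")]
    return stored, list(ring.records)
```

With `insert_interpolated` only "Smith" is stored and the ring retains the three newest of five errors; with `insert_prepared` every name is stored unchanged and nothing is logged.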
Admin
missing an s :P