How to test error handling?

Victor kai hong
2 min read · Nov 10, 2023


Users are free to enter anything they like into the variables you've designed, and handling that input effectively takes skilled, experienced programmers. In this article, I will share my thoughts and provide insights on testing user input.

The crucial factor is to operate under the assumption that users can input ANYTHING into variables. To give a sense of the diverse inputs users might provide, here are some examples:
- Positive Number: 123
- Negative Number: -123
- Float Number: 23.7
- Negative Float Number: -23.7
- UTF-8 / UTF-16 (Unicode): 生字いますか
- Maximum Characters: Pizza*1000…
- Number Zero: 0
- Multiple Dots: 4.4.4.4
- Windows Bug: ../../../../../../
- SQL injection: 1=1, “ or “”=”

The Windows bug, commonly known as path traversal, is particularly intriguing because the '../' notation lets users navigate back to the parent directory. If it is exploited by repeating it in a loop a certain number of times, attackers could potentially gain access to sensitive information. This is an outcome we want to avoid. [You can try the ../ command in cmd.]

SQL injection involves attempting to manipulate parameters to extract all data from a table. If the parameters are set to a condition that is always true, such as 1=1, the SQL table will remain unfiltered, potentially exposing all information to attackers.
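As an added example (not code from this article), the Python sketch below feeds the sample inputs listed above to a strict validator, resolves a `../` path against a base directory, and passes the SQL injection strings through a bound query parameter. The `parse_quantity` field rules, the `uploads` directory and the `users` table are assumptions made for illustration.

```python
import os
import sqlite3

# Constructed sample inputs, adapted from the list in the article.
SAMPLES = ["123", "-123", "23.7", "-23.7", "生字いますか", "Pizza" * 1000,
           "0", "4.4.4.4", "../../../../../../", "1=1", '" or ""="']

def parse_quantity(raw, max_len=10):
    """Return a positive whole number, or raise ValueError for anything else."""
    if len(raw) > max_len or not raw.isascii() or not raw.isdigit():
        raise ValueError("not a whole number")
    value = int(raw)
    if value == 0:
        raise ValueError("must be greater than zero")
    return value

def accepted_quantities(samples):
    """Run every sample through the validator and keep only what it accepts."""
    ok = []
    for raw in samples:
        try:
            ok.append(parse_quantity(raw))
        except ValueError:
            pass  # rejected input is the expected outcome for most samples
    return ok

def resolve_under(base_dir, user_path):
    """Resolve user_path inside base_dir; raise ValueError if it escapes."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target

def demo_db():
    # Hypothetical in-memory table used only for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn

def find_user(conn, name):
    """Bind the input as data so it is never parsed as part of the SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    print("accepted quantities:", accepted_quantities(SAMPLES))
    print("rows for injection string:", find_user(demo_db(), '" or ""="'))
```

Only `123` passes the validator, and the injection strings match no rows because they are compared as plain text rather than executed.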

I would love to open the floor and share my ideas with all programmers in this discussion, focusing on safeguarding our database systems. I hope that my article can inspire new ideas for enhancing error handling in your work. I'll see you next time!
