About Your Daily SQL Injection
Pulling data from a server is a lot like ordering at a fast food place. But doing it in the day like a normal person would be boring, so pretend you’re stumbling drunk into your local fast food chain Exploding Burgers at 3 am. Let’s keep things simple and stick with basic SQL.
You order, and eventually you stop, attempting to pay for your food. Now much like doing math in the early morning, number data types can be confusing. If this restaurant often deals with people like your drunk tired self, they might be kind and use integers, or whole numbers. Burgers are $5, tax included. But usually there are cents involved, and that’s a float, or maybe a decimal type. When you see the .99 on that item, you can tell yourself, that there is a float. Just don’t say it out loud.
Now that you’ve paid, several things happen. The man at the counter asks your name. Now if your name is something like Robert-Timothy the third, you get to see varchar at work. You see, the cashier accepts your name as a string, but only really accepts six letters. This is called a varchar. A string that can be up to so many letters, but not more. So he nods, and as you walk away his mind simplifies you to BobIII. Now another operation happens in the cashier’s mind. Were you an asshole? If so, the property asshole = true gets attached to you. This is called a boolean, where something is obviously true or false. Look at your receipt. There’s a big number on top. For today at least, you, and only you, are order 18392. This is a serial, an auto-incrementing, unique number that each record, or person, or whatever has. You get your food, eventually if asshole = true.
Tomorrow morning when you wake up in a new place, on a new day, in a new car, you will wonder, where was I last night? And that receipt in your pocket will tell you the hour, minute, and second you bought that exploding…burger. Maybe help you pinpoint which street you left your car on. If it’s a timestamp. If it’s a date you’ll just have the day, and that tells you nothing new. Oh, we can stick in one more example. If you then decide to write a long, rambling Facebook post about how you’ll never drink again, that is a text data type. Because much like your very understanding friend who isn’t actually listening to you complain about your life, the text data type will accept a string of any length.
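The receipt from the story written out as a table, added here as an example and not part of the original post. It assumes PostgreSQL (where the serial type exists); the orders table, its column names and the sample values other than BobIII are made up for illustration.

```sql
-- Added example, PostgreSQL dialect. Table and column names are hypothetical.
CREATE TABLE orders (
    order_no    serial PRIMARY KEY,                   -- the big number on the receipt: auto-incrementing, unique
    customer    varchar(6)   NOT NULL,                -- up to six characters, not more
    burgers     integer      NOT NULL,                -- whole numbers only
    price       numeric(6,2) NOT NULL,                -- exact decimal, for prices with cents
    asshole     boolean      NOT NULL DEFAULT false,  -- true or false
    ordered_at  timestamp    NOT NULL DEFAULT now(),  -- hour, minute and second
    ordered_on  date         NOT NULL DEFAULT current_date,  -- just the day
    regrets     text                                  -- a string of any length
);

-- The cashier has already shortened the name, so it fits the column.
-- order_no, ordered_at and ordered_on are filled in by the database.
INSERT INTO orders (customer, burgers, price, asshole, regrets)
VALUES ('BobIII', 2, 5.99, true, 'I will never drink again. ' || repeat('Really. ', 200))
RETURNING order_no, ordered_at, ordered_on;

-- The full name does not fit. PostgreSQL refuses the row instead of
-- quietly shortening it; the block below catches that error.
DO $$
BEGIN
    INSERT INTO orders (customer, burgers, price)
    VALUES ('Robert-Timothy the third', 1, 5.00);
EXCEPTION WHEN string_data_right_truncation THEN
    RAISE NOTICE 'name is longer than varchar(6), order rejected';
END $$;

-- An explicit cast is the one place the database shortens for you:
-- the value is cut to its first six characters without an error.
SELECT 'Robert-Timothy the third'::varchar(6) AS shortened;

-- Float is approximate, numeric is exact. Compare the same sum in both;
-- only the numeric comparison is guaranteed to hold.
SELECT 0.1::float8  + 0.2::float8  = 0.3::float8  AS float_equal,
       0.1::numeric + 0.2::numeric = 0.3::numeric AS numeric_equal;

-- The timestamp keeps the time of day, the date only the day.
SELECT order_no, customer, ordered_at, ordered_on, length(regrets) AS regret_chars
FROM orders;
```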