Clearly whoever built the earlier version hasn't been reading XKCD for the past decade. Or using typed data correctly. How hard is it to distinguish between a string with content "Null", and the special-purpose entity NULL?
"And I hope you've learned to sanitize your database inputs."
(Of course, I can see how once a problem with that has snuck in, changing anything may have ripple effects in every part of the system that uses that chunk of data. So it will become very hard to transition to managing the data the way you should have from the beginning. So kudos to the team that untangled the spaghetti.)
Makes me wonder what programming language
I'd assume any database programming that started more than a decade ago is going to use some flavor of SQL, and that does have a "null" keyword.
https://en.wikipedia.org/wiki/Null_(SQL)
But, again, there are techniques for handling the difference between an actual null, and various other things that you might mistake for being null-ish (like an integer zero, or an empty string, or a string that says "null"). Also within SQL code, it's more common to have problems with comparing NULL against an empty string, rather than a string that says "null", which makes me wonder if they're flipping between some outer language like C or Java, and calls to the database engine in SQL -- in that case they've made _exactly_ the mistake from the XKCD, of passing through text without first analyzing it to properly "escape" special characters or keywords (i.e. "sanitize" the inputs).
https://xkcd.com/327/
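The distinction the comment above draws, between a string that says "Null" and an actual NULL, shown with Python's sqlite3 as an added example; it is not part of the comment and not code from the system under discussion. `to_sql_literal` is a hypothetical hand-rolled builder standing in for the kind of flaw the comment speculates about, and the table and sample values are constructed.

```python
import sqlite3

# Constructed sample values: the string "Null", a missing value, an empty string.
SAMPLES = ["Null", None, ""]

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people(id INTEGER PRIMARY KEY, surname TEXT)")
    return conn

def to_sql_literal(value):
    """Flawed 'before' (hypothetical): renders a value as SQL text by hand."""
    if value is None or value.lower() == "null":
        return "NULL"          # the word and the keyword collapse into one thing
    return "'" + value + "'"   # no escaping, so a quote in the data breaks the statement

def store_concatenated(conn, surname):
    sql = "INSERT INTO people(surname) VALUES (" + to_sql_literal(surname) + ")"
    return conn.execute(sql).lastrowid

def store_bound(conn, surname):
    # Corrected form: the value travels as a typed parameter, never as SQL text.
    return conn.execute("INSERT INTO people(surname) VALUES (?)", (surname,)).lastrowid

def read_back(conn, rowid):
    # Returns (stored value, 1 if the column is NULL else 0).
    query = "SELECT surname, surname IS NULL FROM people WHERE id = ?"
    return conn.execute(query, (rowid,)).fetchone()

def compare(samples=SAMPLES):
    conn = new_db()
    return {s: (read_back(conn, store_concatenated(conn, s)),
                read_back(conn, store_bound(conn, s))) for s in samples}

def apostrophe_outcome():
    # A surname containing a quote: the hand-built statement no longer parses.
    conn = new_db()
    try:
        store_concatenated(conn, "O'Brien")
        naive = "stored"
    except sqlite3.OperationalError:
        naive = "syntax error"
    return naive, read_back(conn, store_bound(conn, "O'Brien"))[0]

if __name__ == "__main__":
    for value, (naive, bound) in compare().items():
        print(repr(value), "concatenated:", naive, "bound:", bound)
    print(apostrophe_outcome())
```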
I should know this, but it’s been a few years since I was writing queries. I used to love problems like this. SQL rules the world.
Thank you, Jen. For this ultimately uplifting story and for all you do and share. As the news was coming in last night, thinking of all of the public servant heroes you write about was helpful. I'm focusing on their stories. I'm focusing on my own community work. Thank you.
Have you read WaPo's amazing series on public servants? Highly recommended.
https://ourpublicservice.org/blog/who-is-government-series-the-washington-post-event-recap/
The one about the IRS forensic accountant is just _stunning_, it deserves to be adapted into a movie.
Hopefully public servants like this aren’t on the chopping block under Schedule F.