Top 10 Programming Blunders & Common Mistakes
We give the examples in a specific programming language, but the idea and concept apply to any other language in use today.
Blogs Overflow – We expose truths and safeguard the community from huge losses. We know the pain of loss.
1. Incomplete Input Validation
- Example: Accepting user input without proper validation, leading to SQL injection.
- Consequence: Compromised database security, potential data loss, and unauthorized access.
Bad Way (PYTHON):
user_input = input("Enter your username: ")
# No validation, allowing SQL injection
query = "SELECT * FROM users WHERE username = '" + user_input + "';"
Concatenating user input directly into a query string is dangerous: the database parses the input as part of the SQL, so a value containing quotes or operators changes the meaning of the query.
Good Way (PYTHON):
import sqlite3
conn = sqlite3.connect("app.db")  # "app.db" is a placeholder; the original snippet omitted the connection
cursor = conn.cursor()
user_input = input("Enter your username: ")
# Use parameterized queries to prevent SQL injection
query = "SELECT * FROM users WHERE username = ?;"
cursor.execute(query, (user_input,))
Here the user input is passed as a bound parameter, so the driver sends it to the database as a value rather than as SQL text, and it is safe to use in the query.
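To make the difference concrete, the following added example (not from the original post) runs both lookups against a constructed in-memory SQLite table and adds an allowlist validation step in front of the parameterized query; the table contents, the regex and the function names are assumptions for the demonstration.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    """Constructed in-memory table with two sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    return conn

def validate_username(user_input):
    """Allowlist check: letters, digits and underscore only, 1-32 characters."""
    return USERNAME_RE.fullmatch(user_input) is not None

def lookup_unsafe(conn, user_input):
    """The post's 'bad way': the input is spliced into the SQL text itself."""
    query = "SELECT username FROM users WHERE username = '" + user_input + "';"
    return [row[0] for row in conn.execute(query)]

def lookup_parameterized(conn, user_input):
    """The post's 'good way': the input is bound as a value, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ?;"
    return [row[0] for row in conn.execute(query, (user_input,))]

def lookup_safe(conn, user_input):
    """Defence in depth: reject malformed input first, then use the bound query."""
    if not validate_username(user_input):
        raise ValueError("username contains characters outside the allowlist")
    return lookup_parameterized(conn, user_input)

def demo():
    """Run each lookup on a normal name and on a constructed input containing
    SQL syntax; the dict shows what each approach returns."""
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed test string, contains SQL syntax
    try:
        lookup_safe(conn, crafted)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "unsafe_normal": lookup_unsafe(conn, "alice"),
        "unsafe_crafted": lookup_unsafe(conn, crafted),  # every row comes back
        "parameterized_crafted": lookup_parameterized(conn, crafted),  # no match
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_crafted_rejected": rejected,
    }
```

The concatenated query returns the whole table for the crafted input, while the bound query simply finds no user with that literal name; the allowlist check in front of it is a second layer that also keeps junk out of logs and downstream code.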
Real Incident & Consequence – [Reference – Equifax Data Breach]
- Incident: In 2017, the Equifax data breach occurred due to incomplete input validation in a web application, allowing attackers to execute a SQL injection attack.
- Consequence: Personal information of 147 million individuals was exposed, leading to identity theft concerns.
- Loss Amount: Estimated at hundreds of millions in damages and settlements.