#11
In a previous article, Grumman-581 said:

> On Sat, 2 Sep 2006 17:00:10 +0000 (UTC), (Paul Tomblin) wrote:
>
> > When I enlisted, the guy filling out the form put "NMI" in the form, and from then on all my official documents including my discharge notice say "Paul NMI Tomblin". Stupid, stupid, stupid. Now that I'm older and more cynical I think I should have made up middle names like "Norman Mailer Issiah" to match the fake initials.
>
> Even these days, there are some programmers who are so clueless that when they write the systems, they don't allow for hyphens in names...

My favourite is the programmers who forget to escape single quotes when they're inserting into SQL databases, so everybody with an apostrophe in their name like an O'Reilly or O'Hara gets an error.

Usually these are the same web programmers who don't protect against "SQL Injection Attacks" - they take the name you insert, and stick it into an SQL statement doing a "insert into user_data values('" + name + "');" with which you can then do major damage by inserting your name as "a');drop database;" or "a');delete from user_data;" or something similarly nasty.

--
Paul Tomblin http://xcski.com/blogs/pt/
"This was, apparently, beyond her ken. So far beyond her ken that she was well into barbie territory." - J.D. Baldwin
#12
On Sat, 2 Sep 2006 18:33:16 +0000 (UTC), (Paul Tomblin) wrote:

> My favourite is the programmers who forget to escape single quotes when they're inserting into SQL databases, so everybody with an apostrophe in their name like an O'Reilly or O'Hara gets an error.

On my first SQL-based system, I did that, but I soon realized my mistake during testing with real user names...

> Usually these are the same web programmers who don't protect against "SQL Injection Attacks" - they take the name you insert, and stick it into an SQL statement doing a "insert into user_data values('" + name + "');" with which you can then do major damage by inserting your name as "a');drop database;" or "a');delete from user_data;" or something similarly nasty.

Hmmm... Interesting... I don't think I tried that one... I tended to use stored procedures that would get called from the web interface and the insert would be of this format:

insert MY_TABLE ( FIELD_1, FIELD_2, FIELD_3 ) values ( @VALUE_1, @VALUE_2, @VALUE_3 )
#13
"Richard Riley" wrote in message ...

> On Sat, 02 Sep 2006 17:32:11 GMT, Grumman-581 wrote:
>
> > On Sat, 02 Sep 2006 07:24:42 -0400, Stubby wrote:
> >
> > > What do they do with bald people? Maybe I'll get my hair dyed a bit when I can afford flying again.
> >
> > Hmmm... I always figured that field was a yes/no type of field...

Turquoise blue and primer gray.

> Like when they want to know sex.

AOAP.
#14
Grumman-581 wrote:

> Even these days, there are some programmers who are so clueless that when they write the systems, they don't allow for hyphens in names...

Names with hyphens are not as common in India.

-Robert
#15
Grumman-581 wrote:

> > Usually these are the same web programmers who don't protect against "SQL Injection Attacks" - they take the name you insert, and stick it into an SQL statement doing a "insert into user_data values('" + name + "');" with which you can then do major damage by inserting your name as "a');drop database;" or "a');delete from user_data;" or something similarly nasty.
>
> Hmmm... Interesting... I don't think I tried that one... I tended to use stored procedures that would get called from the web interface and the insert would be of this format:
>
> insert MY_TABLE ( FIELD_1, FIELD_2, FIELD_3 ) values ( @VALUE_1, @VALUE_2, @VALUE_3 )

That's a good thing. The example above (with the "" + name + ") is very, very bad practice. Basically it makes every SQL query unique, causing the SQL hash to always miss and a complete statement parse to be necessary. The method you mentioned (using variable fields) results in the statement hashing to the cache of the last time the statement was called (because the field hashes as "@Value_1" every time vs. the hardcoded value; actually I believe it's %1, but either way...). In the second (and correct) example the variables of the query are just added as payload, so the statement itself is the same for each query; just the variables are different.

-Robert
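An added example, not code from any poster in this thread, that runs both insert patterns discussed above against an in-memory SQLite database, with the `?` placeholder standing in for the `@VALUE_n` parameters of the stored procedure. The concatenated insert fails on a name with an apostrophe and yields a different statement text for every value, while the parameterized insert keeps one constant statement text and stores the hostile value quoted in the thread as ordinary data. The table layout and sample names are constructed.

```python
import sqlite3

# Constructed sample names: one with "NMI", one with an apostrophe, one hyphenated.
BENIGN_NAMES = ["Paul NMI Tomblin", "O'Reilly", "Grumman-581"]
# The hostile value quoted in the thread; a correct insert stores it as plain text.
HOSTILE_NAME = "a');delete from user_data;"


def fresh_db():
    """Constructed one-column table standing in for the thread's user_data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user_data (name text)")
    return conn


def insert_concatenated(conn, name):
    """The pattern from the thread: the value is pasted into the SQL text.
    Returns the statement text, which differs for every value."""
    sql = "insert into user_data values('" + name + "')"
    conn.execute(sql)
    return sql


def insert_parameterized(conn, name):
    """Bound parameter (the ? plays the role of @VALUE_1): the statement text
    never changes, the name travels separately as payload."""
    sql = "insert into user_data values(?)"
    conn.execute(sql, (name,))
    return sql


def run_concatenated(names):
    """Returns (distinct statement texts seen, names whose insert failed)."""
    conn = fresh_db()
    texts, failed = set(), []
    for name in names:
        try:
            texts.add(insert_concatenated(conn, name))
        except sqlite3.OperationalError:  # the apostrophe ends the literal early
            failed.append(name)
    return texts, failed


def run_parameterized(names):
    """Returns (distinct statement texts seen, names as stored in the table)."""
    conn = fresh_db()
    texts = {insert_parameterized(conn, name) for name in names}
    stored = [row[0] for row in conn.execute("select name from user_data order by rowid")]
    return texts, stored
```

The one-element set returned by `run_parameterized` is the cache-friendly property Robert describes: every call hashes to the same statement.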
#16
Stubby wrote:

> What do they do with bald people? Maybe I'll get my hair dyed a bit when I can afford flying again.

I actually called the FSDO to ask that while filling out an 8710 with a student for his private. They told me to list his hair color as "bald".

-Robert
#17
> I actually called the FSDO to ask that while filling out an 8710 with a student for his private. They told me to list his hair color as "bald".

If you had read the directions, you would have discovered the same thing.
#18
On Sat, 02 Sep 2006 17:27:09 -0700, Richard Riley wrote:

> Like when they want to know sex.

Well, I did have this female doctor once that was *very* nice looking... As such, if she had been filling out the form for me, it would have had a 'yes' for an answer...
#19
On Sat, 2 Sep 2006 17:56:40 -0700, "Matt Barrow" wrote:

> Turquoise blue and primer gray.

Hmmmm... Sounds like someone has been doing some painting lately... I wonder what they would put for the hair color for someone like Dennis Rodman... Is it supposed to be their natural hair color or what it happens to be *this* week?
#20
On Sat, 02 Sep 2006 17:32:11 GMT, Grumman-581 wrote:

> Hmmm... I always figured that field was a yes/no type of field...

That's the 'sex' field. I always answer this field with: "yes, please!"

#m
--
Arabic T-shirt sparks airport row http://news.bbc.co.uk/2/hi/americas/5297822.stm
I Am Not A Terrorist http://itsnotallbad.com/iamnotaterrorist/