A query that had been used to authenticate users to a website:
SELECT COUNT(PKID_Users) as 'c' FROM Users
WHERE UPPER(Username)='"+this.username.ToUpper()+ "' AND Password='"+this.password+"'
AND Active=1
As an added bonus, the code checked the count to make sure there weren’t multiple rows returned (was there a chance more than one user could have the same user name?)
Thankfully, I replaced the authentication with something sane quite some time ago.
But geez.
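For contrast with the query above, which splices the username and password into the SQL text and compares the password column directly, here is an added example of the same check done with bound parameters and a salted hash. It is not the replacement the author deployed. Python and an in-memory SQLite table stand in for the site's stack, and the PwSalt and PwHash columns and the PBKDF2 settings are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_db():
    """Constructed sample table; PwSalt and PwHash are assumed columns."""
    db = sqlite3.connect(":memory:")
    # The schema enforces case-insensitive uniqueness of user names,
    # so the login code never has to count rows.
    db.execute(
        "CREATE TABLE Users (PKID_Users INTEGER PRIMARY KEY, "
        "Username TEXT NOT NULL COLLATE NOCASE UNIQUE, "
        "PwSalt BLOB NOT NULL, PwHash BLOB NOT NULL, Active INTEGER NOT NULL)"
    )
    return db


def add_user(db, username, password, active=1):
    salt = os.urandom(16)
    db.execute(
        "INSERT INTO Users (Username, PwSalt, PwHash, Active) VALUES (?, ?, ?, ?)",
        (username, salt, hash_password(password, salt), active),
    )


def authenticate(db, username, password):
    # The user name travels as a bound parameter, so quote characters in it
    # are data and can never change the statement.
    row = db.execute(
        "SELECT PwSalt, PwHash FROM Users WHERE Username = ? AND Active = 1",
        (username,),
    ).fetchone()
    # Hash even when no row matched, so unknown names cost the same work.
    salt, stored = row if row else (b"\x00" * 16, b"")
    candidate = hash_password(password, salt)
    return row is not None and hmac.compare_digest(stored, candidate)
```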
I got a C+ in C++ :p
Set the count to zero. I read that in William Gibson’s book! I think it might be relevant. Also relevant is Gibson’s quote: “I’ve spent about as much time writing as most American men my age have spent watching television.”
Heh!
@Q: Oh, yeah? Well I got a C++!
@Robert: Amazingly, setting the count to zero is not a half-bad solution: no one can log in while the security is improved to something not completely laughable.
That’s cool to know, because I read the book about 25 years ago and couldn’t remember exactly what the title referred to. Le Wiki sez:
“The title of the book, other than being the pseudonym of the main character Bobby Newmark, was also claimed by Gibson to be a word-play on the alleged computer programming term count zero interrupt. According to a frontleaf of the book, in a “count zero interrupt”, an interrupt of a process decrements a counter to zero. The exact quote is “On receiving an interrupt, decrement the counter to zero.” (The term “count zero interrupt” or CZI could be found in the book: Programming The Z80 by Rodnay Zaks, 1982.)”