Searching We.Love.Privacy.Club

Twts matching #SQL

Eehhh, what the hell is going on here!?

SELECT
    printf("0x%x", (1 << 63) - 2),
    printf("0x%x", (1 << 63) - 1),
    printf("0x%x",  1 << 63     ),
    printf("0x%x", (1 << 63) + 1),
    printf("0x%x", (1 << 63) + 2)

SQLite yields:

0x8000000000000000 (instead of 0x7ffffffffffffffe)
0x8000000000000000 (instead of 0x7fffffffffffffff)
0x8000000000000000 (correct)
0x8000000000000001 (correct)
0x8000000000000002 (correct)

Huh!? O_o Am I stupid? What am I missing here? Or is this actually a bug? :-?

With 62 bits, everything is spot on:

0x3ffffffffffffffe
0x3fffffffffffffff
0x4000000000000000
0x4000000000000001
0x4000000000000002

And 64 bits rather unsurprisingly also yield:

0xfffffffffffffffe
0xffffffffffffffff
0x0
0x1
0x2

In-reply-to » Can anyone recommend a command-line SQL query formatter? Unfortunately, sqlparse is also unsuitable for me: https://github.com/andialbrecht/sqlparse/issues/688

I’m supporting incremental SQLite schema changes to just upgrade from an older database version to whatever the current software version supports. In the past, I already noticed that this is quite expensive in unit tests when each test case runs through the entire schema patches and applies them one by one.

To speed up test execution I now decided that I finally go through the troubles of maintaining both a set of incremental patches and a full schema setup in one go. A unit test verifies that both ways end up with the same structure. This gives me a set of SQLs to check the structures:

SELECT type, name, tbl_name, sql
FROM sqlite_schema
ORDER BY type, name, tbl_name

Unfortunately, the resulting CREATE TABLE SQL queries are formatted differently, depending on whether the full schema was set up in one big step or the structure had been modified with ALTER TABLE. Mainly, added columns are not on their own lines but appended in one physical line. That’s why I wanted an SQL formatting tool. Since I didn’t find one that works decently, I’m now doing some simple string manipulation. Joining consecutive whitespace into a single space character, removing spaces before commas and closing parentheses and spaces after opening parentheses. This works surprisingly good enough. Of course, if it fails, the “diff” is absolutely horrendous.

Now for the cool part, my test execution dropped from around 5:05 minutes to just 1:32 minutes! I call that a win.

I just stumbled across PRAGMA table_info('tablename') https://sqlite.org/pragma.html#pragma_table_info, PRAGMA foreign_key_list('tablename') and friends. I guess, I have to play with that, now. It’s probably much better to use than the SQL text approach.


Say Hello To GoogleSQL
BrianFagioli writes: Google has quietly retired the ZetaSQL name and rebranded its open source SQL analysis and parsing project as GoogleSQL. This is not a technical change but a naming cleanup meant to align the open source code with the SQL dialect already used across Google products like BigQuery and Spanner. Internally, Google has long called the dialect GoogleSQL, even while the open source project lived under a differ …


Rust-Based Fjall 3.0 Released For Key-Value Storage Engine Akin To RocksDB
In addition to the release of Stoolap 0.2 as a modern embedded SQL database written in Rust, Fjall 3.0 is available as another Rust-written database solution. Fjall is a log-structured, embeddable key-value storage engine akin to RocksDB but with the benefit of being written in Rust. With Fjall 3.0 its performance is now very competitive…


Stoolap 0.2 Released For Modern Embedded SQL Database In Rust
Stoolap v0.2 released today as this SQLite alternative for providing embedded SQL database needs while written in the Rust programming language. Stoolap supports both in-memory and persistent storage models…


Simple, minimal SQL database migrations written in Go with generics. Std lib database/sql and SQLX supported OOTB
I built GoSMig for personal projects and open-sourced it. It’s a tiny library for writing migrations in Go (compile-time checks via generics). Supports both transactional and non-transactional steps, rollback, status/version commands, and a built-in CLI handler so you can ship your own tool.

  • Zero dependencies (std lib; golang.org/x/term used for pager support)
  • database/sql and sqlx supported out of the box, others w …


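Detecting Prompt Injection Attacks and an Introduction to Datasets
Introduction to prompt injection attacks: Prompt injection is an attack technique in which an attacker uses carefully crafted input to manipulate an AI system so that it deviates from its intended behavior or bypasses the safety measures in place. It is similar to SQL injection attacks in software development, but targets the AI system's prompt-handling mechanism. OWASP ranks prompt injection first among the risks for large-model applications in 2025, which shows how important it is. Compared with earlier attacks aimed directly at the large model, applications built on large models add data: attacks on the large model can also be embedded in the data. For example: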


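Optimizing Large Transaction Commits in MySQL
When using and operating MySQL, you have surely run into strange slow SQL like the following. • An INSERT statement that is normally fast took 1.3s to execute, and the slow SQL log shows no long lock waits either. • All statements of a multi-statement transaction have finished executing, but the COMMIT statement took 1.3s. When this happens, the most likely cause is that a large transaction is committing. Below are the results of a simulated test; we use Sysbench to simulate normal business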

In-reply-to » Also spent the morning continuing to think about a new design for EdgeGuard's WAF. I'm basically going to build an entirely new pluggable WAF that will be designed to only consider Rate Limiting, IP/ASN-based filtering, JavaScript challenge handling, Basic behavioral analysis and Anomaly detection.

One thing about my design here is that it would no longer incorporate “regex”-based rules like OWASP, mostly because my experience thus far has taught me that these rules are kind of overly sensitive, produce false positives and I’m not sure they are really very effective. For example, what is the point of performing SQL injection detection at the Edge using a WAF if you already handle SQL properly in the first place? (seriously does anyone still construct SQL queries by hand with effectively printf?!)


(#r5go7jq) I was trying to optimize the SQL query used for the Compact FrontPage (_anonymous view for Discovery when the Admin/Operator chooses …
I was trying to optimize the SQL query used for the Compact FrontPage (anonymous view for Discovery when the Admin/Operator chooses “one twt per feed”).


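Understanding Common Go ORMs Series: The Ent Framework in Detail
In the opening article on Go ORMs we divided Go ORM frameworks into three categories. 🌲 Reflection-based: these mainly map structs to database tables through the reflection mechanism; the representative is go-gorm/gorm. 🌲 Code-generation-based: these pre-generate data models and query builders with code generation tools; representatives are ent/ent and the increasingly popular go-gorm/gen. 🌲 SQL-enhanced: these wrap and extend the native SQL library, keeping the flexibility of SQL while providing a set of convenience functions; the representative is jmoiron/s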


SQL scares me i tweaked a bash script that pulled from a DB and the bash part was easy even if i was just going off of the code in there that i didn’t write (like i understood it at least) but the SQL parts had me suffering


@lyse@lyse.isobeef.org OK. So how I have worked things like this out is to have the interface in the root package from the implementations. The interface doesn’t need to be tested since it’s just a contract. The implementations don’t need to import storage.Storage

  • storage/ defines the Storage interface (no tests!)
    • storage/sqlite for the sqlite implementation tests for sqlite directly
    • storage/ram for the ram implementation and tests for RAM directly
  • controller/ can now import both storage and the implementation as needed.

So now I am guessing you wanted the RAM test for testing queries against sqlite and have it return some query response?

For that I usually would register a driver for SQL that emulates sqlite. Then it’s just a matter of passing the connection string to open the registered driver on setup.

https://github.com/glebarez/go-sqlite?tab=readme-ov-file#connection-string-examples


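Implementing Vulnerability Plugin Management with Reflection in Golang
In the security detection field, we often need to implement a plugin system to support and manage different types of vulnerability detection plugins. For example, plugins for SQL injection scanning, XSS detection and so on should be dynamically loadable, centrally managed, and executed on demand. This article describes how to use Golang reflection to build an extensible vulnerability detection plugin system, including plugin registration, management and invocation. I will provide complete demo code and the project structure to help you get your thoughts in order. Let's get started with today's content!!! 🚀🚀🚀 Project directory structure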


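Understand Golang Database Connection Management in 5 Minutes
This article describes how to optimize database connections in Golang, improving application throughput by managing connections effectively. Original: Optimizing Database Connections in Go: Improving Throughput by Managing Open Connections Efficiently[1] Go's database/sql package provides automated database connection pooling, which can help developers effectively manage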


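How Golang Defends Against SQL Injection, CSRF, and XSS Attacks
In Go web development, common security issues include SQL injection, CSRF (cross-site request forgery), and XSS (cross-site scripting). Go provides a variety of mechanisms and libraries to defend against these attacks. The following are the defenses for each attack: Defending against SQL injection ———— SQL injection is an attack technique in which the attacker modifies the input to a SQL query so as to execute unauthorized SQL statements. The key to defending against SQL injection is to avoid concatenating SQL strings directly, and instead use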
