
The trojan Emoji - krogsgard
https://poststatus.com/the-trojan-emoji/
======
feld
It's sad to see this mistake being made repeatedly. It kind of works like this:

      1) Small project started, MySQL is used because that's all the developer knows or it's convenient
      2) Strict mode is never turned on; developer has no idea it exists
      3) App gets popular
      4) Too late to enable Strict

It's really the main reason why I don't recommend MySQL. There's so many
mistakes waiting to be made.

~~~
davidgerard
> 2) Strict mode is never turned on; developer has no idea it exists

MySQL has been my hair-tearing problem for many years -
[https://reddragdiva.dreamwidth.org/593924.html](https://reddragdiva.dreamwidth.org/593924.html) -
and _I_ had no idea it existed.

There's a secret "don't suck as much" switch? TURN IT ON!!

~~~
feld
Wait until the developer learns they need to support Unicode.

------
davidgerard
Why why why did MySQL have to win the damn race. It's the PHP of databases: it
more or less works, but you're relying on a cardboard skyscraper built on a
foundation of poop. And this _will_ come back to bite you.

Why MySQL Is Not My Favourite Database:
[https://reddragdiva.dreamwidth.org/593924.html](https://reddragdiva.dreamwidth.org/593924.html)

------
Kortaggio
For anyone interested in knowing how the UTF8 attack works, Mathias Bynens has
a fantastic presentation which describes the technical details:
[https://www.youtube.com/watch?v=qFfjJ8pOrWY](https://www.youtube.com/watch?v=qFfjJ8pOrWY)

Here's the slide deck:
[https://speakerdeck.com/mathiasbynens/hacking-with-unicode](https://speakerdeck.com/mathiasbynens/hacking-with-unicode)

Interesting anecdote from the talk: This isn't just unique to WordPress.
Spotify was vulnerable to this at one point.

