SQL Injection Fail

The following snapshot was taken from a Norwegian company database registration.

Check out the second line below the numbers, it is ‘;UPDATE TAXRATE SET RATE = 0 WHERE NAME = ‘EDVIN SYSE’.

What that line was supposed to do was changed the tax rate to 0 for any company name “EDVIN SYSE” hehe. It is a classic SQL Injection hack and my guess is that company registration are done online over there. The person registering for that company thought he could escape tax with a little hack.

Well good programming by the site sanitized the string and now his attempt is stored for all to see.

Anyway, here’s a cartoon from xkcd to accompany this story.

UPDATE 27 Apr 2009
So this is actually not an actual failed attempt at SQL Injection, here’s an explanation from the people supposedly responsible for the company’s name. Though I don’t really understand them :P

In 1999 Syse Data was converted to a limited liability company, and has since been trading under the name Syse Data AS[1]. As the names are so similar, searches for our company in the official Norwegian registry of just-about-anything (Br?nn?ysundregistrene) often resulted in potential customers looking up the wrong company. To prevent this confusion we recently changed the name of the old (non-LLC) company, and figured we’d use the opportunity for some harmless – or so we thought – fun.

The old company was renamed to:


link (thanks espen)

You may also like...


  1. Murphy says:

    The comic is so funny. But only programmers understand it ;-)

  2. calvaryzone says:

    sql injection still works these days?

  3. Archie says:

    inject still work, that’s why u need to learn how to prevent it, must put many many filtering on it… if u attended microsoft presentation or talk, they will tell you how to prevent this.. hehe

  4. It is not an attempt to do SQL injection – it is merely a joke. https://www.sysedata.no/nyheter/edvin-tables

  5. mrbadak says:

    thx Espen, I’ve made some addendum to my post :)

  6. Kay Kastum says:

    I almost get it… LoL!