In my back pocket, where normal people carry pictures of their families, I have a list of common things I test every time I encounter a new application. It includes old favorites like the Hamlet test and new favorites like assorted comment strings, but nestled amongst the almost indistinguishable lines of random text, I have a set of SQL keywords:
SELECT FROM WHERE GROUP BY HAVING ORDER BY INSERT UPDATE WHERE MERGE DELETE BEGIN WORK START TRANSACTION COMMIT ROLLBACK CREATE DROP TRUNCATE ALTER
I added this back when I was doing a lot of testing for a company that used an offshore development team for much of its development work, and the offshore team was prone to making the same coding mistakes from project to project. I discovered at one point that they were preventing SQL injection attacks by barring users from entering SQL keywords in edit boxes. So I added the line to the list of tests lo, those many years ago, and I’ve included it in my basic test checklist ever since.
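The check this paragraph describes, as an added example that is not code from the original post: a keyword-rejecting filter of the kind described, next to a parameterized query, run over the keyword line above. The filter, the `comments` table and the sample inputs are assumptions constructed for illustration, using Python's built-in `sqlite3`.

```python
import re
import sqlite3

# The keyword line from the post, used here as test input.
KEYWORD_LINE = ("SELECT FROM WHERE GROUP BY HAVING ORDER BY INSERT UPDATE WHERE "
                "MERGE DELETE BEGIN WORK START TRANSACTION COMMIT ROLLBACK "
                "CREATE DROP TRUNCATE ALTER")

# Hypothetical reconstruction of the weak control: reject any input that
# contains one of the keywords as a whole word, regardless of case.
BLOCKED = re.compile(
    r"\b(" + "|".join(sorted(set(KEYWORD_LINE.split()))) + r")\b", re.IGNORECASE)


def keyword_filter_accepts(text):
    """Weak control: True only when no blocked keyword appears in the input."""
    return BLOCKED.search(text) is None


def store_comment(conn, text):
    """Corrected control: bind the value as a parameter so it is stored as data."""
    conn.execute("INSERT INTO comments (body) VALUES (?)", (text,))
    row = conn.execute(
        "SELECT body FROM comments ORDER BY id DESC LIMIT 1").fetchone()
    return row[0]


def run_checks():
    """Run each constructed sample through both controls and record the outcome."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    samples = [  # constructed sample inputs
        KEYWORD_LINE,
        "Please update my address and drop the second order from my account.",
        "Thanks, all good.",
    ]
    results = []
    for text in samples:
        round_trip_ok = store_comment(conn, text) == text
        results.append((text, keyword_filter_accepts(text), round_trip_ok))
    count = conn.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    conn.close()
    return results, count


if __name__ == "__main__":
    for text, accepted, stored in run_checks()[0]:
        print(f"filter_accepts={accepted!s:5} stored_intact={stored!s:5} {text[:45]!r}")
```

The filter turns away ordinary sentences that happen to contain a keyword, while the bound parameter stores every sample unchanged and the table stays intact.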
It’s taken me thirty seconds or a minute to run the test every time I’ve encountered a new form in many, many different projects for many, many different clients.
But I found another issue that the string triggered in a recent project, which validated my running the test perpetually, kind of like keeping every little gimcrack and doodad I’ve ever encountered in my closet or garage is validated whenever I need something like it and I don’t have to run to the hardware store to spend a buck to buy a new one.
So what’s the craziest test you always run, and why do you run it?