|
HappyHippo posted:I can't tell if youre joking or not, but 32 on/off options leads to 2^32 possible combinations of options, and you can't encode that in less than 2^32 numbers without losing some possible combinations. We're through the looking glass here folks
|
# ¿ Apr 25, 2008 08:57 |
|
|
# ¿ Apr 26, 2024 12:24 |
|
Just out of curiosity, can anyone name a CPU in significant use today that doesn't use 8 bits per byte and/or twos complement to represent signed integers? Edit: well blow me down, maybe there are a few network appliances out there that handle one's complement arithmetic because: quote:The IPv4 header checksum uses ones' complement arithmetic. minato fucked around with this message at 02:10 on Jan 6, 2009 |
# ¿ Jan 6, 2009 02:01 |
|
Why do you consider &1 to be silly? Is it code clarity, performance, portability, or something else? Code clarity I could understand, and same goes for performance unless we're talking about some highly-optimized graphics rendering loop, but I can't imagine anyone seriously citing portability.
|
# ¿ Jan 6, 2009 05:29 |
|
code:
|
# ¿ Jan 7, 2009 17:19 |
|
By "properly-used" I guess you mean that they're used comprehensively, in which case there is no difference - but that's not what I think Ryouga Inverse was getting at. If you always use escape_string() then there's a risk you might forget to, and that risk isn't possible with prepared statements. However that's beside the point, because I think Ryouga Inverse was referring to mysql_escape_string() vs mysql_real_escape_string(), not escape_string() vs prepared statements.
|
# ¿ Jan 8, 2009 01:22 |
|
What is the argument then? Is it mysql_escape_string() vs mysql_real_escape_string(), which is what zergstain was asking about? To reiterate what Ryouga Inverse said, a flaw was found with mes() whereas none has been found with mres(), so use mres(). Just because zergstain couldn't find any exploit code that used mes() isn't a good excuse to keep using it. If the argument is prepared vs thorough use of mres(), then I don't think the choice is so clear cut. Prepared statements are free of injection risks and may be processed faster since the app doesn't have to plod through a potentially large string to copy and escape it, and the DB server doesn't have to spend time parsing the string to unescape it. But the downside is that prepared statements can be a little harder to read (since it's necessary to read 2 areas of code simultaneously to ensure that each replacement token is correctly matched up with the variable that will be replacing it), and can they can be difficult to use in some dynamic SQL situations. Use of mres() can be easier and more legible in these situations, but runs the risk of the coder forgetting to use it.
|
# ¿ Jan 8, 2009 02:21 |
|
zergstain posted:and I'm fairly sure everything is latin 1 anyway.
|
# ¿ Jan 8, 2009 02:53 |
|
Well, you're asking whether you should get your bosses to approve moving from mes() to mres(). And you're right that mres() does respect the connection's character set. But mes() doesn't:The PHP manual for mes() posted:This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
|
# ¿ Jan 8, 2009 03:38 |
|
The mes()/mres() decision shouldn't really be a issue anyway - most well-designed apps would use some form of DB abstraction layer.zergstain posted:AFAIK, they want to be able to see passwords anyway. If that's true, then your bosses are idiots and you're hosed.
|
# ¿ Jan 8, 2009 08:17 |
|
Janin posted:Please post more details about insane Japanese software, because this post right here is incredible.
|
# ¿ Dec 18, 2009 22:36 |
|
MEAT TREAT posted:How big was the file? I don't remember exactly, but it was huge, over 1MB. Another Japanese coding horror. A long while ago there was a 3D file format designed for games. Each component of the file had a type (3D mesh, texture, animation data, etc) and each type had various bitfields that described attributes of that component ("flat/gouraud/textured shading", "anti-aliased", "has normal", etc) and these were meant to be used to indicate which "driver method" to use to handle that component. But the way the libraries were set up, each combination of bit fields had to have its own driver method. So if you had a 3D mesh that was anti-aliased and another that wasn't, you couldn't just use a single driver method for both where you'd check the bitfield and flip the anti-aliasing on. You had to write two separate drivers. Multiply this by the many different bitfields and it meant that potentially it would be necessary to write 2^32 drivers. So dumb.
|
# ¿ Dec 19, 2009 04:24 |
|
suction posted:has this been posted? Found it on Reddit from 4chan
|
# ¿ Jun 16, 2011 00:53 |
|
My god, the advice he gives is awful. He enables debugging to the screen on production and his first piece of advice is "Avoid working late at night" instead of "Don't debug on loving production".
|
# ¿ Jul 7, 2011 18:50 |
|
Do you put commas at the end of the line or the beginning?code:
- Because the commas all line up, you can easily see missing commas - It's common to add extra elements at the end, so it's easier to use vim's "yyp" to duplicate the last line and tweak it to what you want, instead of also having to go to the 2nd to last line and add a comma. --- Corollary: when looking at a diff where someone's added a new line, the old last line is not affected so doesn't get added to the diff, so the diff is simpler to read (better fore code reviews). e.g diffs for adding a new column "wiz" Commas at beginning: code:
Commas at end: code:
|
# ¿ Jul 31, 2011 17:53 |
|
|
# ¿ Apr 26, 2024 12:24 |
|
Well, at least this code doesn't use any gotos: code:
|
# ¿ Sep 8, 2011 18:59 |