|
code:
Everything he did had a strange logic behind it, but due to his complete lack of commenting anything, this logic is often near impossible to figure out.
|
# ¿ Nov 10, 2010 00:12 |
|
|
I just found this today.
php:<?
function getSettings() {
    $query = "SELECT * FROM `system_settings` LIMIT 1";
    $result = mysql_query($query);
    $row = mysql_fetch_row($result);
    $s['1']= $row[0];
    $s['2']= $row[1];
    $s['3']= $row[2];
    $s['4']= $row[3];
    $s['5']= $row[4];
    $s['6']= $row[5];
    $s['setting1']= $row[6];
    $s['setting2']= $row[7];
    $s['setting3']= $row[8];
    $s['7']= $row[9];
    return $s;
}
?>
php:<?
for ($index = 0; $index < count(getSettings()); $index = $index + 1) {
    switch ($index){
        case 0:
            $s = getSettings();
            $admin_Email = $s['1'];
            break;
        case 1:
            $s = getSettings();
            $adminname = $s['2'];
            break;
        case 2:
            $s = getSettings();
            $sendEmailFrom = $s['3'];
            break;
        ...
?>
bobthecheese fucked around with this message at 00:24 on Nov 19, 2010 |
# ¿ Nov 19, 2010 00:22 |
|
Just be ecstatically happy that you're in a group where other people actually write code at all.
|
# ¿ Nov 26, 2010 12:31 |
|
One of ours spent the whole time offering to get everyone else meth, one left the country until the project was nearly done. I ended up writing about 20k lines of code myself because the only people in the group who could have helped were busy with our 600 page design document. This was our final project, and it was for a real client who had paid the university to get it done. Failure to jump through all the hoops that the uni put up meant that we would have to do another year long project the next year.
|
# ¿ Nov 27, 2010 22:49 |
|
That, and bad movies. Maybe it's just "Name it after which movie I saw last" Also, your client is an Adam Sandler fan, by the looks.
|
# ¿ Dec 1, 2010 11:44 |
|
Aleksei Vasiliev posted:
mysql> select aes_encrypt('hello', '') = aes_encrypt('hello', '4re35na2aTaVasAy4re35na2aTaVasAy');
Is that a case of an accidental collision, or a pre-defined default key?
yaoi prophet posted:
I don't get it
bobthecheese fucked around with this message at 01:25 on Feb 23, 2011 |
# ¿ Feb 23, 2011 01:23 |
|
Janin posted:
If the key length is >128 bits, MySQL reduces it by XOR. "4re35na2aTaVasAy4re35na2aTaVasAy" is just "4re35na2aTaVasAy" twice, so it reduces to 0 (the same as ""). You can get the same result by doubling (or quadrupling, etc) any 16-character string.
Oh, wow, that IS a horror.
|
# ¿ Feb 23, 2011 03:22 |
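Added example (not from the thread, and not MySQL's own source): a PHP model of the key folding Janin describes, which generalizes the doubled key to any repeat count and shows one mitigation, deriving exactly 16 key bytes so that folding changes nothing. It assumes AES_ENCRYPT()'s default aes-128-ecb mode and PHP's openssl extension; the helper names and the salt are made up for the example.

```php
<?php
// Added example: models the key handling of MySQL's AES_ENCRYPT() in its
// default aes-128-ecb mode. Helper names are hypothetical.

/** Fold a passphrase of any length into 16 key bytes by XOR, wrapping around. */
function mysql_fold_key(string $passphrase): string
{
    $key = array_fill(0, 16, 0);                 // 16 zero bytes to start
    for ($i = 0, $n = strlen($passphrase); $i < $n; $i++) {
        $key[$i % 16] ^= ord($passphrase[$i]);
    }
    return pack('C*', ...$key);
}

/** What AES_ENCRYPT($plaintext, $passphrase) computes under that mode. */
function mysql_aes_encrypt(string $plaintext, string $passphrase): string
{
    // AES-128-ECB; openssl_encrypt() applies PKCS#7 padding by default.
    return openssl_encrypt($plaintext, 'aes-128-ecb',
        mysql_fold_key($passphrase), OPENSSL_RAW_DATA);
}

/** Mitigation (assumed policy): derive exactly 16 bytes so folding is a no-op. */
function derive_key(string $passphrase, string $salt): string
{
    return hash_pbkdf2('sha256', $passphrase, $salt, 100000, 16, true);
}

$base = '4re35na2aTaVasAy';                      // the 16-character string from the thread
$salt = 'constructed-demo-salt';                 // constructed value, not a real secret
$cases = [
    'empty'      => '',
    'doubled'    => $base . $base,               // pairs cancel: folds to all zeros
    'quadrupled' => str_repeat($base, 4),        // even repeat count: all zeros again
    'tripled'    => str_repeat($base, 3),        // odd repeat count: same key as $base
    'single'     => $base,
    'derived'    => derive_key($base . $base, $salt),
];
foreach ($cases as $label => $pass) {
    printf("%-10s key=%s ct=%s\n", $label,
        bin2hex(mysql_fold_key($pass)), bin2hex(mysql_aes_encrypt('hello', $pass)));
}
```

Rows with the same `key=` column produce the same ciphertext, which is why the comparison in the quoted query returns true.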
|
wwb posted:
Can we just start a dedicated PHP horrors thread?
Any horrors thread is bound to contain php. Any php thread is bound to contain horrors. There's already one of both. Making a dedicated PHP Horrors thread would be redundant.
|
# ¿ Mar 3, 2011 22:21 |
|
Hammerite posted:
So given that PHP does at least do one or two things right (you can write a script, upload it and it will work right loving now without needing to faff about - and it gets out of your way quite well if you want to do something simple, and has everything you might want in its standard library); but does a lot of things wrong, why isn't there something that takes the good things about PHP and loses the bad parts?
That's what PHP 6 is meant to do, I think. Problem is that it's pretty much never going to get finished. For the large number of 'php developers' in the world, there are actually very few people developing php, which means that it takes time for features to get added/changed/updated. While it's fun to rag on PHP for being poo poo, it's still a damned popular language, and actually quite powerful (when it's not being abused by idiots). Most of the problems with php are, as you said, pretty much centred on people not reading the available documentation (which is really some of the best language documentation I've ever come across). Doesn't mean it's not fun to pay out on it, though.
|
# ¿ Mar 3, 2011 22:52 |
|
I love that PHP broke me into this industry. I hate that breaking out of PHP will be so damned hard. I do have SOME python experience (commercial, too), but never enough to learn the real nature of it. Same for Java. I'm spending some of my own time re-learning these things, but without having commercial experience, I might as well be starting from scratch. Arse.
|
# ¿ Mar 5, 2011 00:24 |
|
php quine
php:<? echo file_get_contents($_SERVER['SCRIPT_FILENAME']); ?>
|
# ¿ Apr 15, 2011 04:28 |
|
nielsm posted:
This PHP pattern:
This type of stuff is how c99.php (and others) end up on your server. At the very least, it should check that the included page is an actual page that exists on your server, otherwise it's open to attack via passing a URL, etc. PHP would read the URL, and execute any php code found there, which means that people can execute arbitrary code on your server (which they generally do to install a root-kit).
|
# ¿ Apr 15, 2011 22:54 |
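Added example, not code from the thread: the quoted pattern itself did not survive on this page, so this assumes it is a front controller that includes a file named by a request parameter, and shows the check the post asks for. `PAGE_DIR`, `PAGES`, `resolve_page()` and the `page` parameter are hypothetical names.

```php
<?php
// Added example. Assumes the page name arrives in $_GET['page'] and that the
// real pages live in a "pages" directory beside this script (both hypothetical).

const PAGE_DIR = __DIR__ . '/pages';
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/** Map a requested page name to a file under PAGE_DIR, or null if not allowed. */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and any name outside the allowlist are rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // The path is built from the allowlist value, never from the request, so
    // a URL or a ../ sequence in the parameter can never reach include.
    $root = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // Defence in depth: the file must exist and resolve to a location inside
    // PAGE_DIR, which also catches a symlink that points somewhere else.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['page'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Keeping `allow_url_include` set to `Off` in php.ini (its default) blocks the URL case even where code like the quoted pattern is still in place.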
|
Maybe, you legitimately want to store an empty string. Maybe you want to throw an error if the string is null, though. Maybe, just MAYBE, there might be justification for doing that. Probably not, though.
|
# ¿ May 3, 2011 02:07 |
|
MEAT TREAT posted:
I always schedule in an extra week of developer time for fixing these old rear end bugs and adding in smaller feature requests.
Except that 70% of them aren't even valid bugs anymore, because the code has evolved around them, and everyone involved when the bug was reported no longer has anything to do with the project. Also: bugs classed as "critical/blocker" which are a minor interface tweak to a prototype/mockup, and have "as discussed on phone" as part of the description.
|
# ¿ May 10, 2011 03:07 |
|
Monkeyseesaw posted:
Run all your source code through a minifier before checkin. It's not like the whitespace does anything anyway!
Or whitespace.
|
# ¿ May 11, 2011 01:52 |
|
Doc Hawkins posted:
No need, English is the one true programming language. American English, that is
gently caress you CSS, the word is "colour"!
|
# ¿ May 15, 2011 23:51 |
|
Munkeymon posted:
Don't think there's anything terribly wrong with the type system, either. 'Type guarantees if you feel like it' is doable to varying degrees in any number of languages with varying amounts of work. They just make it easy like in *gulp* PHP
I don't mind the whole "Define types only if you want to" approach, but the fact that when you define a type and then mis-use it, dart largely ignores your type... that's a horror. The fact that it supplies a warning kind of implies that dart realises that it's wrong, but rather than casting the result to an int (which it really should seeing as the code went out of its way to declare it to be an int), it converts the variable to a double.
|
# ¿ Oct 13, 2011 21:39 |
|
Uuuhhhhgggggggg excel. One of our clients at my last workplace spent about $200k-$300k on getting us to build them a massive system to take over management of their business (so they weren't running out of excel spreadsheets). After about 2 years of working on it and fighting with them over features which they kept changing their minds about, we eventually sent it live. They used it for a whole two months before they hired someone new who took one look at it, and made her own version in excel. Of course it had none of the accountability, automation, or any accessibility of the system we had built, but she knew excel. In a month, the system we had built was almost dormant again because everyone in the office decided they liked excel. 2 years of custom-building an application to meet their business needs and processes exactly, and it's all undone because a new hire preferred excel to learning the system. The real kicker was when they started sending us excel spreadsheets so that we could put in the "difficult formulas" that would actually track everything the system we built would already track.
|
# ¿ Oct 17, 2011 19:48 |
|
Oh look, More PHP stupidity! What would you reasonably expect this language function to do?
php:<? echo get_current_user(); ?>
PHP Manual posted:
Returns the name of the owner of the current PHP script.
Wait, what? So no matter who's running the script, the 'current user' is whoever owns the script? So how do you get the user who's currently executing the script?
php:<? echo shell_exec('whoami'); ?>
|
# ¿ Nov 18, 2011 18:27 |
|
There's two date fields in this database that I'm working on...
code:
Surely a unix timestamp should be longer than that... maybe it's only part of the time stamp, because precision isn't that important. Let's see what the data looks like:
code:
gently caress.
|
# ¿ Dec 2, 2011 21:30 |
|
employer posted:
we didn't know of unix timestamps
I found other parts of the code like that which go back another 4+ years further than this one. Now I'm writing my own horror to deal with it.
code:
|
# ¿ Dec 2, 2011 22:38 |
|
Wheany posted:
Well, in this case PHP has a perfectly acceptable json_encode function that
Unless you're on one of the (many, many) servers which is still running PHP 5.1.6 Then you don't have json_encode. I usually use a BSD licenced json encoder/decoder for that, though. And I wrap it like this:
php:<?php
if (!function_exists('json_encode')) {
    require_once('JSON.php');
    function json_encode($obj) {
        $JSON = new Services_JSON();
        return $JSON->encode($obj);
    }
    function json_decode($str) {
        $JSON = new Services_JSON();
        return $JSON->decode($str);
    }
}
?>
|
# ¿ Dec 28, 2011 20:24 |
|
Zamujasa posted:
That quote reminds me of people who almost exhibit common sense, but make a sharp turn into a wall. For example, it really is possible to pull off a man-in-the-middle attack, but... not quite like the way he's showing.
There's also the possibility that the author is giving that advice to give "security experts" who don't know what they're really talking about something to cling on to so that they'll allow employees to get their work done (so long as they type gibberish while typing in their password). I mean, sometimes it's easier to throw them a stupid bone rather than ignoring them (even if the bone doesn't actually help things, so long as it doesn't harm things). What's worse: having to type some gibberish while entering your password in a naive attempt at foiling key loggers, or not being able to use a tool for work because some jackass "security expert" has decided that SSL isn't secure enough?
bobthecheese fucked around with this message at 16:56 on Jan 12, 2012 |
# ¿ Jan 12, 2012 16:53 |
|
php:<?
function ClearMSSQLResultSet($rs) {
    while (odbc_fetch_array($rs)) {
        /* Do nothing */
    }
}
?>
Apparently, on certain 'free' ODBC drivers, you can't open a new result set (i.e. execute a new query) unless the previous result set has been spooled entirely to the end.
#EDIT: turns out that I don't need to do this after all. odbc_free_result() does the job.
bobthecheese fucked around with this message at 18:31 on Jan 13, 2012 |
# ¿ Jan 13, 2012 17:26 |
|
Oh god. I just found this in some code I wrote... almost exactly 4 years ago, if the date stamp in the comments is to be believed. In my defence, it was an internal application, and it had to pass auth checks before it could get near this code. That's a poor defence, but there you have it. I was young and stupid?
php:<?
// validate editable fields
$editable_fields = array("customerid"=>"is_int",
                         "project"=>"is_string",
                         "fixedquote"=>"is_string",
                         "quoteamount"=>"is_numeric",
                         "quotehours"=>"is_int",
                         "active"=>"is_int");
// is it an editable field?
if (isset($editable_fields[$_POST['field']])) {
    // is the value valid?
    if (eval("return ".$editable_fields[$_POST['field']]."('".addslashes($_POST['value'])."');")) {
        /* ... do stuff ... */
    } else {
        /* error about not being the right type of data */
    }
} else {
    /* error about not being an editable field */
}
I'm going through and replacing it with this, which is still a horror in its own right, but less of one.
php:<?
if (isset($editable_fields[$_POST['field']])) {
    $func = $editable_fields[$_POST['field']];
    // is the value valid?
    if ($func($_POST['value'])) {
        /* ... do stuff ... */
    } else {
        /* error about not being the right type of data */
    }
} else {
    /* error about not being an editable field */
}
|
# ¿ Jan 20, 2012 20:07 |
|
musclecoder posted:
Could probably also use call_user_func_array() for slightly cleaner code.
That's what I ended up doing in the end. I'd forgotten about it until I needed to change another piece of code that called arbitrary functions with variable numbers of parameters (which I'd also set originally to use some 'exec' horror, only with an even more horrible function which flattened arrays into a string that looked like parameters to pass to a function. Ugh. I hate 4 years younger me) Anyway, when I was looking up the half remembered "there's a way to do this 'properly'" I remembered that there was also a better way to call arbitrary functions. All in all, the code is actually reasonably understandable now.
bobthecheese fucked around with this message at 15:33 on Jan 25, 2012 |
# ¿ Jan 24, 2012 16:19 |
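Added example, not the poster's code: one way to do the field check from the two posts above without `eval` and without calling a function named by a string, using an allowlist of closures. The field names come from the post; the validators, limits and return values are assumptions. Request values always arrive as strings, so `is_int()` can never pass on them, which is why the integer check here uses `filter_var()`.

```php
<?php
// Added example. validate_edit() and field_validators() are hypothetical names.

/** Field name => validator. The keys double as the allowlist of editable fields. */
function field_validators(): array
{
    $int = function (string $v): bool {
        return filter_var($v, FILTER_VALIDATE_INT) !== false;
    };
    $money = function (string $v): bool {
        return preg_match('/^\d{1,9}(\.\d{1,2})?$/D', $v) === 1;
    };
    $text = function (string $v): bool {
        return $v !== '' && strlen($v) <= 255 && !preg_match('/[\x00-\x1F\x7F]/', $v);
    };
    $flag = function (string $v): bool {
        return $v === '0' || $v === '1';
    };
    return [
        'customerid'  => $int,
        'project'     => $text,
        'fixedquote'  => $text,
        'quoteamount' => $money,
        'quotehours'  => $int,
        'active'      => $flag,
    ];
}

/** Returns 'ok', 'unknown-field' or 'bad-value'; request data is never run as code. */
function validate_edit($field, $value): string
{
    if (!is_string($field) || !is_string($value)) {
        return 'bad-value';              // e.g. value[]=1 arrives as an array
    }
    $validators = field_validators();
    if (!array_key_exists($field, $validators)) {
        return 'unknown-field';
    }
    return $validators[$field]($value) ? 'ok' : 'bad-value';
}

// Constructed sample requests: [field, value].
$samples = [['quotehours', '12'], ['quotehours', '12 hours'],
            ['quoteamount', '1499.50'], ['is_admin', '1'], ['active', ['1']]];
foreach ($samples as [$f, $v]) {
    printf("%-12s %-12s %s\n", $f, json_encode($v), validate_edit($f, $v));
}
```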
|
Scaramouche posted:
Don't feel too bad, shrughes is basically a jerk. It's kind of his thing.
You say that like it's not pretty much everyone's thing here.
|
# ¿ Jan 29, 2012 03:12 |
|
Doctor w-rw-rw- posted:
This joke is old and tired. Please stop.
I'm of the personal opinion that if you can't write clean, clear, and consistent code in PHP, the language is not the problem. Sure, it's missing a few features that you'd expect in, say, Java or python, or whatever else, but it works and it doesn't force you to write your code in one particular way.
|
# ¿ Jun 21, 2012 11:31 |
|
Golbez posted:
Uh. Here is the prototype for that function:
Silly Golbez, type hinting isn't for primitives! Just because the prototype has hinting in the documentation, that doesn't actually mean anything - type hinting in PHP only works on objects, and doesn't cast anything; only crashes if the wrong type of object was supplied.
|
# ¿ Jun 22, 2012 23:40 |
|
"Private programmers poo poo-bagging employers' code bases and other co-workers chat" Just rolls off the tongue.
|
# ¿ Jun 23, 2012 03:02 |
|
php:<?
foreach ( $_POST as $k1 => $v1 )
    $$k1 = $v1;
foreach ( $_GET as $k1 => $v1 )
    $$k1 = $v1;
?>
|
# ¿ Jun 25, 2012 07:37 |
|
Vanadium posted:
http://opalang.org/ of course!
Fun fact: "Opa" is "Grandpa" in German. I will only see that as an old man language.
e: Their FAQ covers the various meanings in different languages, pretty much none of which could have any positive connotations in web.
bobthecheese fucked around with this message at 10:51 on Jun 29, 2012 |
# ¿ Jun 29, 2012 10:48 |
|
php:<?
//make sure this cron isn't already running
exec("ps aux", $output);
$num=0;
foreach($output as $eachProg){
    if(strpos($eachProg,"exportToFastpick.php")!==false){
        $num++;
    }
}
if($num>1){
    die;
}
?>
|
# ¿ Jul 4, 2012 01:38 |
|
Geekner posted:
Anyone who thinks switch fall-through isn't a good feature should write a state machine.
The other day I wrote a post about possible changes to switch statement flow through. The concept may or may not be a horror (I'll leave that up to you to decide), but not quite as much of a horror as this piece of documentation from PHP:
quote:
Note: Note that in PHP the switch statement is considered a looping structure for the purposes of continue.
|
# ¿ Jul 11, 2012 08:37 |
|
Zamujasa posted:
Of course, they stressed to the new hire that we're a very serious and secure company!
Do you work for Tesco UK? Apparently saying "We're serious about security and our measures are robust" is the same thing as actually having robust security measures. TMYK
|
# ¿ Jul 31, 2012 22:23 |
|
code:
...gently caress... At least I'm getting paid well for this.
|
# ¿ Sep 14, 2012 13:03 |
|
Optimus Prime Ribs posted:
Looks like someone doesn't fully understand how to use booleans:
Except, as silly as it is, that could actually serve a purpose. If they're both false, then the user hasn't yet registered an opinion on the disclaimer. If the 'acceptedDisclaimer' is 'yes', then they've seen and accepted the disclaimer. If the 'acceptedDisclaimer' is 'no', then they've seen and rejected the disclaimer. 'yes' and 'no' are obviously, in this instance, strings that are set when the user either accepts or rejects the disclaimer. Is it a great way to do it? Probably not, but it's not that much of a horror, really.
|
# ¿ Sep 18, 2012 00:51 |
|
php:<?
function addDays($day){
    $result = date("Y-m-d",time()+24*3600*$day);
    return $result;
}
?>
#EDIT:
php:<?
$EntryDate = addDays(0);
$today = addDays(0);
?>
php:<?
function MakePretty($day){
    //$result = substr($day,5,5) . "-" . substr($day,0,4);
    return $day;
}
?>
bobthecheese fucked around with this message at 08:14 on Sep 26, 2012 |
# ¿ Sep 26, 2012 08:08 |
|
I... I give up. Seriously, gently caress. I'm out.
php:<?
$resultProfit = ConnectToDatabase($sqlProfit);
if (mysql_num_rows($resultProfit)>500) {
    $resultProfit = ConnectToDatabase($sqlProfit." LIMIT 500");
}
?>
|
# ¿ Oct 2, 2012 23:53 |
|
|
McGlockenshire posted:
Connect-query-disconnect is not uncommon among clueless newbies.
It's actually not that bad, thankfully (it may have been at some point in the past). It's a wrapper around mysql_query with some basic error handling, analytics, etc. In general, with PHP, the process is: Connect -> run all your queries -> forget about it because PHP will disconnect automatically
|
# ¿ Oct 3, 2012 06:27 |