| « Prev | Page 1 | Page 2 | Page 3 | Next » |
|
A selecter, huh? So what's the selectest!
|
|
Dare I say "Javascript has the best WTF's" ? |
|
Rofl, so if I'm reading this right, if he has 10, 210, 310 and 410 checked, and he unchecks 10, he ends up with 234 checked? Good thing the ids are so high!
What does the g in the eval line do? |
g = global replace. otherwise, only the first "10," would be replaced. |
I was originally going to make a joke about the javascript as an effort to make sure that the checked checkboxes were, like, really checked, so they didn't have a situation like the 2000 Florida vote with the hanging chads and whatnot. Then I re-read the bit about the WoW site and though, aw, hell, that's funnier than anything I could come up with anyway. |
|
I guess he is unfamiliar with $_POST in PHP?
|
|
Is it safe to remove my welding goggles yet?
|
Yeah, this is awesome! For fun, paste this code on your machine at work, add some checkboxes where the ids are substrings of the other ids, and change the hidden input to text so you can see it as it messes up the list of ids. And all this for something the browser does for you when it posts the form, had the developer been 1337 enough to give all the checkboxes the same name, with each value being the id. |
Yes, but then he wouldn't be able to handle "input" from mutliple pages in his insert.php file. At least that's what i'm guessing he did. Based on the prefix of fthe checkboxes, he probably had some huge switch statement in that file that knew what values were selected on what page. It's the new duct tape...insert.php! Or, am I completely off here? |
|
I did not interpret "in trouble" as getting fired. If he did not get fired for trying to sell proprietary software on eBay...that might be a bigger WTF than his whole system. |
Unnecessary: assuming the point of this was to convert a POST to a GET, all he had to do was change <form method="POST"> to <form method="GET"> I'm pretty sure GET is the default anyway. I can't for the life of me figure out why the fuck he thought he needed the javascript. |
|
As javascript in itself was designed with good intentions, there are many facets about the language and the varying browser capabilities that can eventually drive your code into WTFland for the next developer...
|
|
Holy crap.
Err. Unholy Crap. 'Nother instance of "TTWTASO" design pattern (trash the whole thing and start over) |
|
The story around it is differenct, or this could be jscript from the place I at now as an on-site contractor! This job was presumably modifying about 8 web pages. But it turned out the pages had server-side jscript rendering client-side jscript with this kind of garbage code, plus putting values in and out of XML strings by someone not knowing how to use XML. That just my rant on the web pages! In fact, some samples were submitted to WTF, but Alex only had sympathy for me. Don't recall if it was duplicate stuff or wasn't humorous enough to use. But it has kept some of my sanity reading WTF and seeing I'm not the only one dealing with bad coding and applications. (Someone had to ask real nice to get me to come here and rescue a project that was sinking. The first guy placed here couldn't figure out what to do.)
|
|
Oh yes, forget the whole $_REQUEST.....very nice. I've always wanted to create the new and improved version of that. Lol...
It's almost as bad as the new link tag seen elsewhere on this site last week... <a onclick="location='http://www.aximilation.com'; return false;" href="#">The <em>new</em> link!</a> (I'm making a t-shirt!) |
This is what happens when someone hears the term 'MVC' in passing and then reads a random blog post. Because nothing controls like a single file with 20,000 if statements. |
Notice the bolded parts. When the page loads, all the boxes are checked. If you submit without un-checking and re-checking the box you want, there is no value in the "checkedValues" field. |
Resistance is futile. |
|
It's so beautiful! I'm crying... no wait... that's blood... FROM MY EYES!
|
Wait, I was wrong. That doesn't say "checked" it says "on". This was so stupid I mentally filled in what he should have been doing instead of what he actually did.
Wow, that's a lot of work to be so wrong. |
Re: A New Type of Formation
2006-08-30 14:50
•
by
Tomer Chachamu
|
|
Actually, 'value="ON"' does not mean the box is checked. It just means that if it *is* checked, the value to send to the server is "ON".
Considering that that value presumbly isn't used (since checkedValues.value holds the list of checked checkboxes) you have to wonder why it's there. Just another copy-paste job, I suppose... |
Web-neophyte here - I thought check boxes could only be true/false, or possibly [un]checked. "On" ??? |
Huh? value="on" doesn't autocheck a box on the page load. I think you are thinking of <input id="check_4273842" onclick="onCheck('4273842')" type="checkbox" |
Check boxes pass whatever is in the "value" attribute to the form action page when they are checked. If they are not checked, they pass nothing. If more than one checkboxes have the same name, all that are checked are passed in a single variable as a comma seperated list. Basically, the guy/gal wrote a bunch of crap code to do what standard html forms already do. |
|
It burns.
It burns. So. Much. Please. Someone make it stop! |
Thanks - I know just enough about all-things-web to realize how little I know about all-things-web (I tend to stay on the server-side of things - where I know what I'm doing). |
|
> If more than one checkboxes have the same name, all that are
checked are passed in a > single variable as a comma seperated list. Not true. If more than one checkbox with the same name is checked, then each value is included as a separate name=value pair in the HTTP request. For instance, if the form has a method of GET and the browser uses the old ampersand separator instead of the newfangled semicolon, a form with three checkboxes named "box" checked might take you to this URL: http://foo.com/mySpiffyPage.php?box=yup&box=nope&box=is_too How that is presented on the server side depends on the language and API being used. I've seen ASP's that seem to indicate that VB in an ASP will give you a comma-separated string, though I don't know how you then deal with commas in an individual value. Most APIs provide a means of getting the list of values as an array; Perl's CGI::param automatically returns an array in list context if there's more than one value, for instance. PHP apparently discards all but the last value unless the name ends with [], which isn't even legal HTML. Of course, there are various add-on solutions to this problem that all involve manually reprocessing the form input... |
I knew this didn't sound right, so I tried it. What I got in the URL for a GET request looked like this: key=test&key=test2 Now, your language/CGI parser library may change this into something nicer like a comma separated list for you, but the data is actually sent as multiple key=value pairs, only using the same keys. |
Sure you're not missing anything. WTF on WTF |
|
Thanks for the correction. I guess you learn something new everyday. I am mainly a client app programmer, so my experience is limited to a couple ASP and coldFusion (gross, I know) hobby sites I help my fellow geeks maintain. And the answer to your question is that you learn to keep commas out of the indivdual checkbox values pretty quickly. |
|
>Actually, 'value="ON"' does not mean the box is checked. It just means that if it *is* checked, the value to send to the server is "ON".
My eyes are checkered, does that mean they are on? |
I'm afraid of:
|
|
Good god, I actually tore at my skin with my fingernails when I read this.
|
|
I could imagine why one would want to reconstruct the querystring and bypass the normal form submission. For instance if there is another javascript function attached to the onSubmit event and for some reason you don't want it to run when you click on that button.
The eval on the string replace is a bit weird. It looks like a workaround for someone who don't know about the RegExp() object (you can't use variables with the // notation). But you don't really need a regular expression in the first place. |
|
Just to clarify from the PHP people... Is there some reason you wouldn't just use the following ... like I'd do with a Java/Servlet back-end? Is there some reason building a comma separated string would make things easier in PHP? I would just use the HttpServletRequest to give me an array of the "chosen" parameters...
<form id="selecter" name="selecter" action="insert.php"> <input class="button" type="submit" value="Submit" /> ... <input type="checkbox" name="chosen" value="4273844" /> ... <input type="checkbox" name="chosen" value="4273843" /> ... <input type="checkbox" name="chosen" value="4273842" /> ... </form> |
Umm.. how so? If my memory serves me correctly, "name"-attribute of input-elements is of type CDATA, which means "a sequence of characters from the document character set"... so ending a name with [] is just about as allowed in HTML as ... well, just about anything :) |
Oooh, I need to get a webcam at my desk too. |
|
Young Padewan - checkboxes have three states - true, false, and FileNotFound.
"On" is indeed the real WTF here. |
Yeah, let's combine a great big web app design flaw with a PHP-specific design flaw: SQL injection annnnnd register_globals... =) |
You would be very surprised (well, no, you wouldn't really) how many people who work with one of those languages every day, and are paid to do so, actually think that the browser sends a comma-separated list. captcha: whiskey |
Yes, there is a reason. See http://fi2.php.net/manual/en/faq.html.php#faq.html.arrays for explanation. However, if your example were like 'name="chosen[]"', there would be no problem; we'd have array $_GET["chosen"] to use :) |
PHP isn't the only "framework" that uses that kind of thing either. Struts, for instance, uses the hell out of it. Captcha: error |
Well, if you're going to use xhtml you should make it <input id="check_4273842" onclick="onCheck('4273842')" type="checkbox" name="check_4273842" checked="checked"/> |
Re: A New Type of Formation
2006-08-30 16:36
•
by
WHO WANTS TO KNOW?
|
|
Actually, PHP even has a design flaw that makes this CHILDS PLAY! Then again, the new PROPER way isn't much harder. PHP was built from the ground up to work with this stuff. Steve |
Hard to believe. How can a programming language especially made for web programming require such client-visible workarounds to accomplish such basic tasks? Even Oracle's Web toolkit (web programming in PL/SQL, introduced around '99) does it better. |
Maybe, but struts has a higher level of abstraction. |
|
PHP will only accept arrays of inputs if the input is named with a [] suffix. This is a pet peeve of mine, I feel that a proper server side web scripting language *should* be able to handle whatever form data is sent at it sanely.
If I remember ASP correctly (it's been a while), if you read the input directly, you get a comma separated list but you can also read the input as an array [Don't remember how but it's fairly simple]. I think the comma separated list is an awful holdover from htx/idc of the original IIS (Makes me feel queasy just thinking about it). Rich |
It's not a work-around, it's just how things are done. PHP isn't an amazingly clever language, but what's wrong with using [] to return an array? It's no more client-visible than using the same name without [] for each element. |
Cheers for this! I am relitivly new to PHP programming and was trying to do somthing similar (trying to get PHP to accept an array of inputs, not the horrible javascript thing) and ran out of energy to Google it and find out. So this just saved me some time. I have done similar things in perl and PL/SQL and both seem simpler to me but I guess it is just a quirk of the language. |
| « Prev | Page 1 | Page 2 | Page 3 | Next » |
Andreas had a pretty good idea of what he was getting in to. The job posting subtly included the duty of "helping to straighten up the software environment." The technical screening consisted of three questions: what is HTML, what is PHP, and what is SQL. And the interviewer subtly mentioned that the previous programmer was a "great guy, but had a few quirks." Yes, Andreas knew he was walking into a nicely presented system that's more messed-up than a building flattened with a 2-ton bomb ... shortly after being flattened with a 5-ton bomb. But that's OK; it would be a challenge.
rmr: