| « Prev | Page 1 | Page 2 | Next » |
|
1st post, yay! ok, setting and "fixing" sql is a major no no, ouch, it hurts to look at this...
|
|
Argh! My eyes! |
|
Function fncSetSQL_good(ByVal strSQL As String) As String fncSetSQL_good = strReMade Same deal for fncFixSQL, just switch the last two parameters of each Replace function call. I can't even list all the WTF's with this code (if you're going to ignore the obvious "Why TF was this created?") Creating a separate variable to track the length of a string instead of just using Len(str) as the loop criteria, looping through a string character-by-character instead of using the Replace function, that useless intSave variable which serves only to show that this VBA moron doesn't know how to nest functions... OW dammit I got so mad I just burst a blood vessel in my eye! |
|
The best part is if you call these one after the other (in any order), you get what you started with.
|
|
This design takes advantage of some of the more advanced compression algorithms in today's processors.
|
|
Is this some sort of weird attempt at preventing injection attacks?
|
|
hey - i get it - the wtf is that they forgot to tokenize "-" and "_" first, right!?
|
|
As far as I understood, when you push the input first through fncSetSQL
and then through fncFixSQL, the effect is that it replaces "_" with " " and "~" with "#". WTF? |
|
I think it's safe to assume it also calls a function that converts the units to metric then calls another to convert them back to English. But did they remember to change any critierion value that's "green" to "hedgehog" and back again? --Rank |
On second thought, I'll use my own advice of nesting functions and eliminating useless variables and reduce the function to one line: Function fncSetSQL_kickass(ByVal strSQL As String) As String Ooh yeah that feels much better, like wiping your ass with an angel's wing. |
|
Not if your query happens to include '_' or '~'. Then it'll come back broken after you 'fix' it.
|
|
So, if I start with:
select * from table_with_common_naming_convention I get select_* from_table_with_common_naming_convention which translates to select * from table with common naming convention and gives me a syntax error. I love it. Hunt that bug down, if you can. |
|
I'm wondering... what is the purpose of encoding an SQL and then decoding it (besides the fact it won't work if the original SQL contains '_' and '~', as previously mentioned)?
|
|
Wow, I really must be a total idiot, because I can't see for the life
of me why you would want to use these functions. Could someone please explain this for me? Thank you. |
|
Oh, come on. Can NOBODY see the reason for this code?? He's passing the SQL from the front end to the back end as a URL parameter. This is a poor implementation of a URLEncode. (Generates a whole other universe of WTFs, but I think it explains it!!!) That or the system USED TO pass the SQL inside a URL, but someone looked at the code and said "WTF??" and fixed it to be a little more secure, but didn't change all the "surrounding" helper functions. Wait, what's wrong with passing SQL strings in user-visible URLs ??? ;) |
|
I'm gonna guess that the SQL queries are stored in the filesystem
(perhaps for easier cross-DB conversion?), and the "strSQL" is the filename, so space or tilde might cause trouble with some filesystems and are replaced with _ and #. I hope. Otherwise, somebody is just nutso. |
|
Wouldn't that be: Job_Security ?
|
This was most likely an act of espionage from a disgruntled employee against the evil soulless corporation that burned down his house, slept with his wife, and kicked his dog. That's the only explanation for an atrocity like this. That or rampant stupidity. |
|
But what can we suggest for our operative Jon on how to comment this code? I mean, other than just: 'WTF? How about: Function fncSetSQL(strSQL) And Function fncFixSQL(strSQL) --RA |
|
Come on Jon, where's the professional explanation?
|
|
I'm waiting for the_guy_who_likes_underscores_in_names to show up and talk about how fatally broken this is.
With a softball bat, I'm waiting. |
|
Wow... Can I suggest an obvious refactoring... rename "fncSetSQL" to "fncBreakSQL".
|
My first thought as well. He was, at some point, passing the SQL through a webserver and the functions were used to make the string pass through properly. Then somebody later saw it, and after changing their pants, removed that bit without removing these wrapper-esque type functions sprinkled throughout the code.
|
That's two words. |
This would mean they would have to actually read a manual or KNOW something about the language they are developing in. How many times have we seen this? Why does it seem so hard to as a simple question like, "Hey does anyone know if [insert language here] has a function to [insert request here]?". NO! They just go around and continue to reuse code they once developed while learning C, FORTRAN, or COBOL back in college or at their first job. Computer languages have actually evolved and continue to. Replace, Substring, Len, Split, Join, etc. They actually exist! USE THEM! (the whole time I was writing this I was imagining myself shaking this person) Back to taking my pills before I really fly off the handle. Crazy Joe Devolia! |
|
I love how the encoding is not one-to-one and the decoding is not onto.
|
|
I don't think the code was meant to mangle SQL, probably just used to
mangle the values of an SQL and then try to unmangle them again when extracting from the database. Of course, this will not work if the original data includes '_' og '~'. thus do something like "INSERT INTO xxx VALUES ( " & mangle(value1) & "," & mangle(value2) ...& ");" Why on earth anyone would believe removing " " and "#" from values is any good is in my oppinion the WTF in this, but then again it may be due to company policy. |
Its only one word after processing it with fncSetSQL. |
Well, they are, provided that the unencoded domain excludes strings with # and ~. |
... er, _ and ~. |
Unless your original contained _ and ~, in which case you're screwed |
|
The real WTF is the manager who thought a productive use of Jon's time
was to force him to document other people's code. This WTF entry is aptly titled indeed. What we have is a manager who fucked up by not requiring the original developer to comment and to produce quality code (or just submit to a code review). The manager clearly doesn't understand that trying to document someone else's code is the slowest, most wasteful activity into which a programmer can sink his time. The whole reason OO was conceived was because some smart people noticed this, and realized development would go a hell of a lot faster if classes were opaque and a programmer didn't have to poke through another's code just to learn how to make use of the stuff. |
|
I love this code, and for those believing that this is an URL-decoder, whaa? There are no # in urls, and _ are _ not " ".
... maybe something translates this somewhere, I use PHP. |
|
I haven't read the source code for Microsoft Foundation Class Libraries lately, but back in the mid-1990s, there was similar code in MFC's CRecordset to turn a collection of fields into an SQL SELECT statement, then go back and fix up the punctuation in the constructed string, because it had gotten it wrong the first time.
|
What are you talking about, # (fragment identifiers) have always been part of URL encoding. |
|
Only a VB programmer could have done such a dumb thing. VB programmers are absolutely dumbest among all. They should prohibit using that dumb language, so dumbsters would go to find out they aren't able to code in anything less dumb than VB, let's say simple C, and go washing pools instead.
|
That's the point, I think. The "set" function replaces "#" and " " characters - neither of which are valid in URLs - with "~" and "_". "Fix"ing the SQL does the opposite. Well, except that it mangles your other _ and ~ characters, of course. Not trying to defend this WTF, just replying. |
|
I like that the two functions contain the same casing here:
strReMade = strRemade & strLeft Obviously they're copy & paste, which makes it even more fun. |
|
Damn VB or C# every time. Does no one have any LISP or FORTRAN WTFs to share?
|
|
No that would be nounJobSecurity
|
It says "comment on", not "comment". It sounds to me like Jon was just doing a code review, which is a good practice. |
Re: Rewarded with Commenting
2005-11-29 18:33
•
by
Gene Wirchenko
|
This could be a valuable clue. To be fair, it is also a few others. Older programming languages do not make it here too often. Sincerely, Gene Wirchenko |
That or it one of the rare new managers with a clue about managing, who thinks Jon is a good judge of code. Thus Jon was asked to review code that might or might not be bad, to see where he needs to find time to fix code before it becomes a problem. Hey, we can all dream, can't we? Of all the managers in the world there must be one that is this smart. (though dreaming of 2 would be going too far) |
The # character is valid. It is used to point to anchors inside the HTML document. That's how to get the browser to move to a certain point inside the page when the page is loaded, instead of starting always at the top of the page. You can put an invisible anchor at the top of the page:
...and then put a link to the anchor at the bottom of a very long page:
...so users can go back to the navigation menu at the top of the page without scrolling. I have found that anchors generally confuses users a lot because they don't understand that a link can bring you back to the same page you were in, and they don't look at the URL as a geek would do. Also, if the anchor and the link are very near to each other, nothing appears to happen, so they click several times in a row with no apparent effect :) It gets better then, because they hit "back" and they get brought back to the same place, then they hit it again several times and they keep getting brought back several times to the same place until they get back to the expected behaviour :) |
Actually that was my first idea when I saw the code: that's someone who learned LISP (or something more B&D along the same lines, say SCHEME) a long time ago and was put to work on a VB project that just pisses him off so he's completely unwilling to learn its paradigms. But then I'm probably just being a naïve optimist who'd prefer rebellion as a reason over sheer stupidity... |
|
The real WTF is not so much the verbosity of the functions nor the
futility of such functions. It's all about SQL Injection Attacks! "A system is only as secure as your dumbest programmer developing the self-same system." |
|
You guys have it all wrong. The original *ahem* programmer meant to do this: Function putItIn(ByVal wtf As String) Dim intCount, shakeLeft Dim shakenLeft = "" intCount = Len(wtf) Dim intSave Do While intCount <> 0 If (shakeLeft = " ") Then
ElseIf (shakeLeft = "#") Then
Else
End If intSave = Len(wtf) - 1 wtf = Left(wtf, intSave) intCount = intCount - 1 Loop Return shakenLeft End Function
Function putItOut(ByVal wtf As String) Dim intCount, shakeRight, intSave Dim shakenRight = "" intCount = Len(wtf) Do While intCount > 0 If (shakeRight = "_") Then
ElseIf (shakeRight = "~") Then
Else
End If intSave = Len(wtf) - 1 wtf = Right(wtf, intSave) intCount = intCount - 1 Loop Return shakenRight End Function
Function shakeItAllAbout(ByVal wtf) Dim intCount, shakeAbout, shakeAbout2, intSave Dim shakenAbout = "" If (wtf.Length Mod 2) = 1 Then If (shakenAbout = "~") Then
ElseIf (shakenAbout = "_") Then
End If shakeAbout = Left(wtf, Int(wtf.Length / 2)) shakeAbout = shakeAbout & Right(wtf, Int(wtf.Length / 2)) wtf = shakeAbout End If intCount = Len(wtf) Do While intCount > 0 If (shakeAbout = "_") Then
End If
If (shakeAbout2 = "~") Then
End If shakenAbout = shakeAbout2 & shakenAbout & shakeAbout intSave = Len(wtf) - 2 wtf = Right(wtf, wtf.length - 1) wtf = Left(wtf, wtf.length - 1) intCount = intCount - 2 Loop Return shakenAbout End Function Function doTheHokeyPokey(ByVal wholeSelf, ByVal wtf) Return wholeSelf End Function Function turnYourselfAround(ByVal wholeSelf) Dim intCount, turnAround Dim turnedAround = "" intCount = Len(wholeSelf) Do While intCount > 0
Loop Return turnedAround End Function Function andThatsWhatItsAllAbout(ByVal rightFoot, ByVal leftFoot, ByVal rightHand, ByVal leftHand, ByVal rightSide, ByVal leftSide) Dim wholeSelf = "" rightFoot = putItIn(rightFoot) rightFoot = putItOut(rightFoot) rightFoot = putItIn(rightFoot) rightFoot = shakeItAllAbout(rightFoot) wholeSelf = doTheHokeyPokey(wholeSelf, rightFoot) wholeSelf = turnYourselfAround(wholeSelf)
leftFoot = putItIn(leftFoot) leftFoot = putItOut(leftFoot) leftFoot = putItIn(leftFoot) leftFoot = shakeItAllAbout(leftFoot) wholeSelf = doTheHokeyPokey(wholeSelf, leftFoot) wholeSelf = turnYourselfAround(wholeSelf)
rightHand = putItIn(rightHand) rightHand = putItOut(rightHand) rightHand = putItIn(rightHand) rightHand = shakeItAllAbout(rightHand) wholeSelf = doTheHokeyPokey(wholeSelf, rightHand) wholeSelf = turnYourselfAround(wholeSelf)
leftHand = putItIn(leftHand) leftHand = putItOut(leftHand) leftHand = putItIn(leftHand) leftHand = shakeItAllAbout(leftHand) wholeSelf = doTheHokeyPokey(wholeSelf, leftHand) wholeSelf = turnYourselfAround(wholeSelf)
rightSide = putItIn(rightSide) rightSide = putItOut(rightSide) rightSide = putItIn(rightSide) rightSide = shakeItAllAbout(rightSide) wholeSelf = doTheHokeyPokey(wholeSelf, rightSide) wholeSelf = turnYourselfAround(wholeSelf)
leftSide = putItIn(leftSide) leftSide = putItOut(leftSide) leftSide = putItIn(leftSide) leftSide = shakeItAllAbout(leftSide) wholeSelf = doTheHokeyPokey(wholeSelf, leftSide) wholeSelf = turnYourselfAround(wholeSelf)
wholeSelf = putItIn(wholeSelf) wholeSelf = putItOut(wholeSelf) wholeSelf = putItIn(wholeSelf) wholeSelf = shakeItAllAbout(wholeSelf) wholeSelf = doTheHokeyPokey("", wholeSelf) wholeSelf = turnYourselfAround(wholeSelf) 'And that's what it's all about! End Function
Sorry for the length of this post and especially if it does not format correctly (first timer here) but I couldn't resist ;) |
|
I love VB programmers. They've obviously never taken even an entry-level programming class, only know one form of flow control, and have only a tenuous grasp of any API.
It's obvious that this guy only knows while/do, and can't grasp nesting precedence (inside-out!). For the record, I could point to my first quarter Pascal project and we could all laugh at "mr. doesn't get pass-by-reference or scope, so let's make everything a global variable" |
There's a reason that the new (read: dumbed down) languages are so heavily represented here... |
| « Prev | Page 1 | Page 2 | Next » |
Manni: