For as long as he could remember, one of Millan C.'s clients had always bragged about having their very own, in-house PHP Guru. "You could really learn something from this guy," they would often tell him, "he's brilliant, you know! And a guru!" Not being a particularly big fan of PHP, nor really interested in meeting the guru, Millan always put it off for "some day."

One day, however, it was pretty clear that "some day" would never happen, as the guru left for greener pastures. "It couldn't have been worse timing," Millan's client said frantically, "our website's traffic exploded, and everything is slowing to a crawl! The guru's consulting rate is just too high for us... can you fix it?"

Since he knew his way around PHP, Millan agreed, and opened up the website's code. The first thing he saw was the following function declaration.

FUNCTION NAME:      saveForm

PARAMETER(S): 1st = how many fields to skip at the start
              2nd = how many fields to skip at the end
              3rd = tablename to save info into
              4th = array of items to check for duplicate
                   entries if needed

RETURNS:     returns either an error or success message
function saveForm($a,$b,$c,$d,$e){

Note that the guru left the definition of the 5th parameter ($e) as an exercise for his successor. In fact, the entire "library" of 46 functions used to process form contents has arguments like this:

function checkLogin($a,$b,$c,$d,$e){ ... }

And naturally, this code led to such obvious and clear constructions as the following.

$sql = "SELECT * FROM ".$c.
       " WHERE ".$d." = '".$a.
       "' AND ".$e." = '" .$b."'";

You following along? That's the one where $d = $a and $e = $b! Few things are more of a pleasure to debug. Never mind the SQL injection.
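As an added example that is neither the guru's code nor part of the original article, here is the same two-condition lookup written with PDO prepared statements: the values are bound, and since table and column names cannot be bound, they are checked against a fixed allowlist. The table names, column names and connection details below are assumptions.

```php
<?php
// Added example, not the guru's library: the same lookup with bound values.
// Identifiers (table, columns) cannot be parameterized, so they are checked
// against an allowlist; the allowlist contents here are assumed for illustration.

const ALLOWED_TABLES = [
    'users'    => ['username', 'email', 'country'],
    'sessions' => ['session_id', 'user_id'],
];

/**
 * Return rows where $column1 = $value1 AND $column2 = $value2.
 * Throws InvalidArgumentException if the table or a column is not allowlisted.
 */
function findRows(PDO $db, string $table, string $column1, string $value1,
                  string $column2, string $value2): array
{
    if (!isset(ALLOWED_TABLES[$table])) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    foreach ([$column1, $column2] as $col) {
        if (!in_array($col, ALLOWED_TABLES[$table], true)) {
            throw new InvalidArgumentException("Unknown column: $col");
        }
    }

    // Identifiers come only from the allowlist; values are bound, so user input
    // is compared as a literal string and never parsed as part of the SQL text.
    $sql = "SELECT * FROM {$table} WHERE {$column1} = :v1 AND {$column2} = :v2";
    $stmt = $db->prepare($sql);
    $stmt->execute([':v1' => $value1, ':v2' => $value2]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (assumed DSN and credentials; disable emulated prepares so the
// driver, not the client library, handles parameter binding):
// $db = new PDO('mysql:host=localhost;dbname=app', 'user', 'secret', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,
// ]);
// $rows = findRows($db, 'users', 'username', $_POST['user'] ?? '',
//                  'email', $_POST['email'] ?? '');
```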

But the good news was that the guru managed to put an "INDEX" at the header of each of his files. You're familiar with those, right? In case your search command is broken, it tells you what line number each function is on.

INDEX:   showStates          ln 68
         showCountries       ln 102
         validateForm        ln 132
         saveForm            ln 179
         resetPassword       ln 240
         checkLogin          ln 266
         logout              ln 297
         subscribe           ln 308

Of course, the INDEX was hopelessly out of date. In the end, Millan advised his client to either pay for a rewrite or pay the guru's rate.
