EvalToInteger, 'gumdrops', and More

  • ParkinT 2012-04-09 07:17
    Visible -- When this Post is read it is Visible
    Hidden -- When this Post is read it is Hidden
    FIRST -- When this Post is read it is VeryFIRST
  • Sam Vimes 2012-04-09 09:07
    That's Constable Carrot, thank you very much.
  • SCSimmons 2012-04-09 09:10
    string sql = "exec spRequestInitechData '"
    + txtData.Text.ToString().Replace("'", "''") + "'";

    Sometimes, I can't imagine the thought processes that lead to the WTF. I think it may be scarier when I can.

    "We should escape the apostrophes when we build the SQL command, to prevent injection attacks."
    "Actually, I've heard that the accepted standard is to use stored procedures."
    "Oh. Hey, I've got an idea. Let's do both! Belt and suspenders, right?"
    "Brillant!"
  • WhoMe 2012-04-09 09:17
    What exactly is wrong with this?

    $dir = 'test';
    
    if (!file_exists($dir) || !is_dir($dir))
    {
    exec('mkdir '.$dir);
    }


    Safe mode == exec. It's not ideal, but it works.
  • Quietust 2012-04-09 09:24
    WhoMe:
    What exactly is wrong with this?

    $dir = 'test';
    
    if (!file_exists($dir) || !is_dir($dir))
    {
    exec('mkdir '.$dir);
    }



    What, you mean aside from the fact that it's failing to use the mkdir() function?
  • Kendall 2012-04-09 09:39
    Come on, even Excel has VeryHidden data. Nothing wrong with keeping the users out of the icky stuff.
  • Makkhdyn 2012-04-09 09:54
    The "parseStringData()" method isn't that weird.

    "replace()" replaces (as its name states) a character with another, but here every '/' is removed; it's not quite the same thing as a replacement.

    Sure it could have been better, going through the "char[]" version of the "String" and putting every non '/' character into a "StringBuilder" is way more efficient than using "split()" (which is a regex), but still, it isn't _that bad_.
  • Makkhdyn 2012-04-09 09:55
    PS: I assumed it was Java code.
  • kjordan 2012-04-09 10:00
    Makkhdyn:
    The "parseStringData()" method isn't that weird.

    "replace()" replaces (as its name states) a character with another, but here every '/' is removed; it's not quite the same thing as a replacement.

    Sure it could have been better, going through the "char[]" version of the "String" and putting every non '/' character into a "StringBuilder" is way more efficient than using "split()" (which is a regex), but still, it isn't _that bad_.

    But with replace() you can choose to use an empty string to replace with.
  • Don 2012-04-09 10:03
    Actually, hidden/visible/veryhidden is probably akin to the Excel functionality for sheet visibility; when just hidden the sheet is there but you can get it back very easily using the unhide functionality. Veryhidden means it will only be unhidable by use of VBE or the immediate window (both of which you can lock down).

    I would imagine the functionality is looking to do something like that; in other words hidden just means from view but accessible through the GUI or app, with an option to unhide; while veryhidden means only code can unhide.

    Or maybe the function is part of an Excel library itself?
  • Programming 101 2012-04-09 10:04
    if (!file_exists($dir) || !is_dir($dir))
    if (!file_exists('test') || !is_dir('test'))
    if (!TRUE || !FALSE)
    if (FALSE || TRUE)
    if (TRUE)

    So if 'test' exists and is not a dir, a dir named 'test' will be created?
  • Makkhdyn 2012-04-09 10:05
    Only since Java 1.5; if you work with old code (which can happen [really, it happens to me all the time]) this kind of "gem" can be found everywhere.
  • Nagesh 2012-04-09 10:11
    When makeing directorys it must be avoideing the "horse race condition" that another user takes you directorie befor you used it. This bug cause hakker joy steel all data etc. Must use current time to create garenteed uneek directorie then rename to 'test' or watever name is reallee wanted. Sum language have function to do this alreadee. Any professional programmeer know this best practic.
  • Zylon 2012-04-09 10:21
    Sam Vimes:
    That's Constable Carrot, thank you very much.

    Constable Carrot of the Yard!?
  • doctor_of_common_sense 2012-04-09 10:40
    meh. Seen a lot worse. Until setting the drop-down category selection to "I Am Krogan" does something nefariously stupid, all these WTFs are nothing more than a coffee stain on a book in someone else's trash.
  • Loren Pechtel 2012-04-09 10:47
    What's the problem with:

    public static int EvalToInteger(string statement) {
    string s = EvalToString(statement);
    return int.Parse(s.ToString());
    }

    Note that the supplied string is named "statement"--I would assume EvalToString is doing some sort of evaluation, it doesn't just return what was passed in.
  • sadwings 2012-04-09 10:47
    Nagesh:
    When makeing directorys it must be avoideing the "horse race condition" that another user takes you directorie befor you used it. This bug cause hakker joy steel all data etc. Must use current time to create garenteed uneek directorie then rename to 'test' or watever name is reallee wanted. Sum language have function to do this alreadee. Any professional programmeer know this best practic.


    I miss TopC0der, but you are fun too.

  • Fred 2012-04-09 10:49
    VeryHidden Very Hidden. When the item is serialized out as xml, its value is "veryHidden".
    Were it not for this line, the table could have been completely machine generated. But the three variations on "very hidden" suggest at least the possibility that some human drudge-drone was involved -- but not human enough to realize that an actual explanation might be useful.

    Anyway, why is it a table? Shouldn't it be XML?
  • Jack 2012-04-09 10:53
    sadwings:
    Nagesh:
    When makeing directorys it must be avoideing the "horse race condition" that another user takes you directorie befor you used it. This bug cause hakker joy steel all data etc. Must use current time to create garenteed uneek directorie then rename to 'test' or watever name is reallee wanted. Sum language have function to do this alreadee. Any professional programmeer know this best practic.

    I miss TopC0der, but you are fun too.
    I'm operating on the assumption that they are the same person. After all, didn't Alex banish TopCod3r to India? (As a fate worse than death, it is the supreme punishment.)
  • Paul Neumann 2012-04-09 10:55
    # Find the last 200 transactions
    logging.debug( "Finding the last 600 transactions" )
    ConnMysql.query("select Id from Transactions order by ts desc limit 0,10000 ")


    This is quite obvious. The requirements changed. Everyone knows only green code needs to be commented. When changing existing code, the intent is already clear so updating the documentation is merely a work avoidance technique.
  • emurphy 2012-04-09 11:03
    Loren Pechtel:
    What's the problem with:

    public static int EvalToInteger(string statement) {
    string s = EvalToString(statement);
    return int.Parse(s.ToString());
    }

    Note that the supplied string is named "statement"--I would assume EvalToString is doing some sort of evaluation, it doesn't just return what was passed in.


    Maybe so, but s.ToString() is redundant, and what's left is simple enough that you might want to compact it into one line:

    return int.Parse(EvalToString(statement));

    Still, if your assumption is correct, then what's left is a relatively small WTF; on the same scale as BDate and EDate, where AFAICT the only WTF is that ToUpper() is unneeded.
  • emurphy 2012-04-09 11:04
    Fred:
    VeryHidden Very Hidden. When the item is serialized out as xml, its value is "veryHidden".
    Were it not for this line, the table could have been completely machine generated. But the three variations on "very hidden" suggest at least the possibility that some human drudge-drone was involved -- but not human enough to realize that an actual explanation might be useful.

    Anyway, why is it a table? Shouldn't it be XML?


    For robustness, you should print out the XML, photograph it on a wooden table...
  • Coyne 2012-04-09 11:06
    I think the visibility enumeration needs a few more enumerations. These come to mind: Sort of Hidden, Cleverly Hidden, Poorly Hidden, Extra Hidden, Forever Hidden, Optimally Hidden, Resolutely Hidden, Nervously Hidden, Unbelievably Hidden.
  • Tom 2012-04-09 11:07
    Whoever wrote that "EditTDemensions" function should be beaten.
  • PedanticCurmudgeon 2012-04-09 11:08
    Sam Vimes (fake):
    That's Captain Carrot, thank you very much.
    FTFY
  • FragFrog 2012-04-09 11:09
    Loren Pechtel:
    What's the problem with:

    public static int EvalToInteger(string statement) {
    string s = EvalToString(statement);
    return int.Parse(s.ToString());
    }

    Note that the supplied string is named "statement"--I would assume EvalToString is doing some sort of evaluation, it doesn't just return what was passed in.

    If there are any sort of naming conventions there, EvalToString will convert something to a string, just like EvalToInteger converts something to an integer. So now you have a string, which is evalled as a string, and then its string value is parsed.

    That doesn't sound the least bit redundant to you?

    Mind you, now I am assuming that a string variable's value is equal to its .ToString value. Would not surprise me much if there is some weird null condition where that is not the case.
  • Terry Pratchett 2012-04-09 11:27
    Sam Vimes:
    That's Constable Carrot, thank you very much.


    You need to catch up now. I am dying and you're still stuck on the constable part. Carrot was promoted to Captain several books ago.
  • MiffTheFox 2012-04-09 11:30
    FragFrog:
    If there are any sort of naming conventions there, EvalToString will convert something to a string, just like EvalToInteger converts something to an integer. So now you have a string, which is evalled as a string, and then its string value is parsed.

    That doesn't sound the least bit redundant to you?


    I think the intended idea is that EvalToString will evaluate the statement and return the result as a string, just like EvalToInteger will evaluate the statement and return the result as an integer.
  • Paul Neumann 2012-04-09 11:32
    FragFrog:
    Loren Pechtel:
    What's the problem with:

    public static int EvalToInteger(string statement) {
    string s = EvalToString(statement);
    return int.Parse(s.ToString());
    }

    Note that the supplied string is named "statement"--I would assume EvalToString is doing some sort of evaluation, it doesn't just return what was passed in.

    If there are any sort of naming conventions there, EvalToString will convert something to a string, just like EvalToInteger converts something to an integer. So now you have a string, which is evalled as a string, and then its string value is parsed.

    That doesn't sound the least bit redundant to you?

    Mind you, now I am assuming that a string variable's value is equal to its .ToString value. Would not surprise me much if there is some weird null condition where that is not the case.


    However, your entire naming convention assumption is that EvalToInteger is the same as int.Parse. If EvalToString is not the same as .ToString(), then EvalToInteger cannot be the same as int.Parse and the naming convention is preserved. The reverse is also true (though admittedly redundant (my shop calls this a "friction layer")).

    Therefore you have presented us with a tautology and yet complain it is false.
  • AB 2012-04-09 11:53
    "Like many fellow developers, the codebase I work on each day is terrible and devoid of any structure,"

    Hey, as a developer I may be terrible and devoid of any structure, but I resent being compared to that code.
  • Jay 2012-04-09 13:15
    With no clue what EvalToString does, the only thing odd about the example is that he takes a toString of a string, which is pointless.

    Some posters seem to be assuming that EvalToString converts an integer to a string, so that then doing the parse just converts it back, making the function pointless. But this clearly can't be true, as the input parameter is not an integer but a string.

    I don't see a WTF here at all. They have some function that does we know not what to a string, and gets a result that is another string. In at least some cases, this result is, in fact, parsable as an integer, so they have a second function that calls the first, gets the result, and then parses it to an integer. This seems like plain good coding to me. What would be preferable, to make another function identical to EvalToString except that it returns an int? Duplicating who knows how much code?
  • Lone Marauder 2012-04-09 13:17
    That last one reminds me of OSPF area types:

    Stubby
    Not So Stubby
    Totally Stubby
    Totally Not So Stubby

    I wish I were making this up...
  • Jay 2012-04-09 13:17
    I'm really surprised that no one has pointed out the obvious error in the enum. Of course there should be FOUR values: Visible, Hidden, VeryHidden, and FileNotFound.
  • method1 2012-04-09 13:25
    The "THIS SETTING SHOULD NOT BE 'TRUE'" WTF is classic. I can imagine this pattern is present in huge numbers of dodgy codebases. The "sort of 3(ish) value" "boolean". Hours of fun debugging & maintaining no doubt.
    The Visible/Hidden/VeryHidden one is the same as Windows Explorer's Visible/Hidden/Protected OS scheme, so a popular 'idea', though popularity is no guide to quality.
    Having just seen Jays post above, of course he's correct about 'file_not_found'
  • The Nerve 2012-04-09 14:09
    The System.out one is easily fixed at a global level.

    import java.io.ByteArrayOutputStream;
    import java.io.PrintStream;
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;

    // System.setOut() takes a PrintStream, not a PrintWriter, so extend that.
    public class SystemInfoLogger extends PrintStream {

        private static final Log log = LogFactory.getLog(SystemInfoLogger.class);

        public SystemInfoLogger() {
            // PrintStream needs some sink; the overrides below never write to it.
            super(new ByteArrayOutputStream());
        }

        @Override
        public void print(String val) {
            if (log.isInfoEnabled()) {
                log.info(val);
            }
        }

        // other overridden methods here (println, print(Object), ...)
    }

    public static void main(String[] args) {
        System.setOut(new SystemInfoLogger());
        System.setErr(new SystemErrorLogger()); // left as an exercise to the reader...I can't do all you're thinking for you.
    }
  • pjt33 2012-04-09 14:17
    emurphy:
    ... on the same scale as BDate and EDate, where AFAICT the only WTF is that ToUpper() is unneeded.

    Does DRY mean anything to you?
  • briverymouse 2012-04-09 14:25
    pjt33:
    Does DRY mean anything to you?


    I must admit I don't get it either. One is today's date, the other is tomorrow. Where does he repeat himself?
  • that guy 2012-04-09 14:26
    The first one looks like a part of this code, probably not a WTF.
    http://odetocode.com/code/80.aspx
  • jmacpherson 2012-04-09 15:02
    [I] [just] [don't] [see] [any] [problems] [with] [the] [classic] [ASP] [code] [.] [Where's] [the] [WTF] [?]
  • Alex Papadumbass 2012-04-09 15:05
    jmacpherson:
    [I] [just] [don't] [see] [any] [problems] [with] [the] [classic] [ASP] [code] [.] [Where's] [the] [WTF] [?]


    STFU. I am the boss here and if I have published it, it is a WTF. Print your expert opinions on toilet paper and shove it up your ass.
  • PiisAWheeL 2012-04-09 15:36
    Jay:
    I'm really surprised that no one has pointed out the obvious error in the enum. Of course there should be FOUR values: Visible, Hidden, VeryHidden, and FileNotFound.
    Wrong wrong wrong! It's an enum, not a BOOL. True, False, and File_not_found are the 2 BOOLEAN VALUES we can pick from. It has no place in enums.

    Although, if hidden well enough, may not be found...
  • Nagesh 2012-04-09 15:50
    Alex Papadumbass:
    jmacpherson:
    [I] [just] [don't] [see] [any] [problems] [with] [the] [classic] [ASP] [code] [.] [Where's] [the] [WTF] [?]


    STFU. I am the boss here and if I have published it, it is a WTF. Print your expert opinions on toilet paper and shove it up your ass.

    I know what ass is (shown, left), but what is toilet papper?



  • Nagesh 2012-04-09 15:54
    I am being re-encarnation, but not knowing my prevous identities.
  • Gary Olson 2012-04-09 16:01
    Private CARROT() As Char = {"^"c}
    Carrots contain vitamin A, not vitamin C.
  • Not Nagesh Either 2012-04-09 16:53
    Nagesh:
    When makeing directorys it must be avoideing the "horse race condition" that another user takes you directorie befor you used it. This bug cause hakker joy steel all data etc. Must use current time to create garenteed uneek directorie then rename to 'test' or watever name is reallee wanted. Sum language have function to do this alreadee. Any professional programmeer know this best practic.


    You are very bad at being Nagesh. "hakker"? "Sum"? Seriously, don't do it again.
  • PiisAWheeL 2012-04-09 17:10
    Nagesh:
    Alex Papadumbass:
    jmacpherson:
    [I] [just] [don't] [see] [any] [problems] [with] [the] [classic] [ASP] [code] [.] [Where's] [the] [WTF] [?]


    STFU. I am the boss here and if I have published it, it is a WTF. Print your expert opinions on toilet paper and shove it up your ass.

    I know what ass is (shown, left), but what is toilet papper?



    And since we're on that topic... can we stop using the same 7 pictures of a 3rd world country over and over again every time we want to demean the quality of work or people from India?
  • geoffrey, MCP, PMP 2012-04-09 17:14
    FragFrog:
    Loren Pechtel:
    What's the problem with:

    public static int EvalToInteger(string statement) {
    string s = EvalToString(statement);
    return int.Parse(s.ToString());
    }

    Note that the supplied string is named "statement"--I would assume EvalToString is doing some sort of evaluation, it doesn't just return what was passed in.

    If there are any sort of naming conventions there, EvalToString will convert something to a string, just like EvalToInteger converts something to an integer. So now you have a string, which is evalled as a string, and then its string value is parsed.

    That doesn't sound the least bit redundant to you?

    Mind you, now I am assuming that a string variable's value is equal to its .ToString value. Would not surprise me much if there is some weird null condition where that is not the case.


    EvalToString obviously has to do something besides pass through the parameter passed in as a return value. Otherwise, why even have it there? You make a dangerous assumption. I'm guessing that it does some sort of logical evaluation on the value passed in, so that int.Parse() does not receive a null value.
  • Richard 2012-04-09 17:25
    PiisAWheeL:
    Nagesh:


    And since we're on that topic... can we stop using the same 7 pictures of a 3rd world country over and over again every time we want to demean the quality of work or people from India?
    I don't know why you consider this picture demeaning. They have shoes, (sorta) paved roads and even, it would appear, intermittent access to running water. Sounds like one of those Chamber of Commerce things trying to praise a place, not put it down.
  • PiisAWheeL 2012-04-09 17:33
    Richard:
    PiisAWheeL:

    And since we're on that topic... can we stop using the same 7 pictures of a 3rd world country over and over again every time we want to demean the quality of work or people from India?
    I don't know why you consider this picture demeaning. They have shoes, (sorta) paved roads and even, it would appear, intermittent access to running water. Sounds like one of those Chamber of Commerce things trying to praise a place, not put it down.
    I didn't consider the picture demeaning. Its context (fake Nagesh using it with bad English and not saying anything funny) was designed to be demeaning. But that is not my point. There are like 7 of these pictures that get used in EVERY FUCKING THREAD! It's called the internet. Go find something a little more original and less worn out. That picture needs an arrow to the knee.
  • Mr.'; Drop Database -- 2012-04-09 17:43
    Nagesh:
    Alex Papadumbass:
    jmacpherson:
    [I] [just] [don't] [see] [any] [problems] [with] [the] [classic] [ASP] [code] [.] [Where's] [the] [WTF] [?]
    STFU. I am the boss here and if I have published it, it is a WTF. Print your expert opinions on toilet paper and shove it up your ass.
    I know what ass is (shown, left), but what is toilet papper?
    It's that disgusting stuff they use in countries that aren't civilized enough to use bidets.
  • csmiller 2012-04-09 18:15
    That's a goat, it's cloven-footed. Asses are equids, and have only one hoof per leg.
  • Jaime 2012-04-09 18:47
    SCSimmons:
    string sql = "exec spRequestInitechData '"
    + txtData.Text.ToString().Replace("'", "''") + "'";

    Sometimes, I can't imagine the thought processes that lead to the WTF. I think it may be scarier when I can.

    "We should escape the apostrophes when we build the SQL command, to prevent injection attacks."
    "Actually, I've heard that the accepted standard is to use stored procedures."
    "Oh. Hey, I've got an idea. Let's do both! Belt and suspenders, right?"
    "Brillant!"
    It's not belt and suspenders. Stored procedures encapsulate data access logic and proper parameter handling prevents injection. Anybody who thinks that poorly escaped calls to stored procedures will prevent injection should be fired immediately.
  • Deanna 2012-04-09 20:39
    geoffrey, MCP, PMP:

    EvalToString obviously has to do something besides pass through the parameter passed in as a return value. Otherwise, why even have it there?


    The same applies to most of the code SODs posted !
  • Prakash 2012-04-09 22:16
    VeryHidden is very rarely used.
  • da Doctah 2012-04-09 22:42
    csmiller:
    That's a goat, it's cloven footed. Asses are equids, and have only one hoof per leg.

    Also, asses hog the covers in bed. Goats are content to sleep across the foot of the bed, like dogs.
  • SCSimmons 2012-04-10 00:02
    Jaime:
    SCSimmons:
    string sql = "exec spRequestInitechData '"
    + txtData.Text.ToString().Replace("'", "''") + "'";

    Sometimes, I can't imagine the thought processes that lead to the WTF. I think it may be scarier when I can.

    "We should escape the apostrophes when we build the SQL command, to prevent injection attacks."
    "Actually, I've heard that the accepted standard is to use stored procedures."
    "Oh. Hey, I've got an idea. Let's do both! Belt and suspenders, right?"
    "Brillant!"
    It's not belt and suspenders. Stored procedures encapsulate data access logic and proper parameter handling prevents injection. Anybody who thinks that poorly escaped calls to stored procedures will prevent injection should be fired immediately.

    Apparently, I forgot my BBCode [sarcasm] tags again.

    Yes, I'm aware that the hypothetical exchange above resulting in the WTF code snippet is two individuals who have heard some buzzwords but don't actually understand what they're doing, managing to create something even more dysfunctional than what either of them would have created separately. To me, the amusing bit is that either would have created something that might have worked in the normal case, but failed when confronted with a malicious user. But by working together, they managed to create something that fails in cases of both malicious and normal users.

    We don't see the code for the stored procedure, but I'll bet dollars to donuts that if it does something like a last name search, it will fail when the user enters O'Connell, once the EXEC command has been ruthlessly mangled by this abysmal front-end coding. Whether it's still vulnerable to injection attacks depends a lot on how competent the person who coded the stored proc was; hopefully this person was in no way related to the front-end coders.

    The really sad part is how easy it is to code this correctly ...
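    Jaime's point above (parameter handling, not quote-escaping, is what prevents injection) and SCSimmons' closing line about how easy the correct version is, as an added example that is not code from the original post or its submitter. It is Python against an in-memory SQLite database rather than the post's C#/SQL Server, so there is no stored procedure to call; the table, rows and hostile inputs are constructed for the demonstration. What it shows: the post's Replace("'", "''") only protects input that lands inside a quoted string literal, so the same helper reused on a numeric column protects nothing, while bound parameters behave the same in both places.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, last_name TEXT)")
    conn.executemany(
        "INSERT INTO customers (id, last_name) VALUES (?, ?)",
        [(1, "O'Connell"), (2, "Smith"), (3, "Jones")],
    )
    return conn


def escape_quotes(value: str) -> str:
    """The post's Replace("'", "''") step, ported verbatim."""
    return value.replace("'", "''")


# --- the post's approach: build the statement text by concatenation ---------

def find_by_name_concat(conn, name: str) -> list:
    # Quote-doubling does work here, because the input sits inside '...'.
    sql = ("SELECT id FROM customers WHERE last_name = '"
           + escape_quotes(name) + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def find_by_id_concat(conn, id_text: str) -> list:
    # Same helper reused for a numeric column: there are no quotes to escape,
    # so the input is spliced straight into the WHERE clause.
    sql = ("SELECT id FROM customers WHERE id = "
           + escape_quotes(id_text) + " ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


# --- the correct approach: the statement is fixed, values are bound ---------

def find_by_name_param(conn, name: str) -> list:
    rows = conn.execute(
        "SELECT id FROM customers WHERE last_name = ? ORDER BY id", (name,))
    return [row[0] for row in rows]


def find_by_id_param(conn, id_text: str) -> list:
    # The bound value is compared as data; '1 OR 1=1' is not a number and so
    # matches no row, instead of rewriting the query.
    rows = conn.execute(
        "SELECT id FROM customers WHERE id = ? ORDER BY id", (id_text,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    hostile = "1 OR 1=1"  # constructed hostile input
    print("concat, name O'Connell :", find_by_name_concat(db, "O'Connell"))
    print("concat, id hostile     :", find_by_id_concat(db, hostile))
    print("param,  id hostile     :", find_by_id_param(db, hostile))
```

    Run it and the concatenated numeric lookup returns every row for the hostile input while the bound version returns none; both forms handle O'Connell. The escaping is not wrong in the quoted case, it is just the wrong layer to rely on.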
  • Dave 2012-04-10 02:40
    Coyne:
    I think the visibility enumeration needs a few more enumerations. These come to mind: Sort of Hidden, Cleverly Hidden, Poorly Hidden, Extra Hidden, Forever Hidden, Optimally Hidden, Resolutely Hidden, Nervously Hidden, Unbelievably Hidden.


    You forgot the most obvious one, FileNotFound.
  • L. 2012-04-10 04:49
    Programming 101:
    if (!file_exists($dir) || !is_dir($dir))
    if (!file_exists('test') || !is_dir('test'))
    if (!TRUE || !FALSE)
    if (FALSE || TRUE)
    if (TRUE)

    So if 'test' exists and is not a dir, a dir named 'test' will be created?


    No. A dir will be created unless both a dir and a file exist with the name, and there will be an error.
  • L. 2012-04-10 05:00
    Oh and by the way, anyone want to see my private carrot ?
  • Dave 2012-04-10 05:09
    Jaime:
    SCSimmons:
    string sql = "exec spRequestInitechData '"
    + txtData.Text.ToString().Replace("'", "''") + "'";

    Sometimes, I can't imagine the thought processes that lead to the WTF. I think it may be scarier when I can.

    "We should escape the apostrophes when we build the SQL command, to prevent injection attacks."
    "Actually, I've heard that the accepted standard is to use stored procedures."
    "Oh. Hey, I've got an idea. Let's do both! Belt and suspenders, right?"
    "Brillant!"
    It's not belt and suspenders. Stored procedures encapsulate data access logic and proper parameter handling prevents injection. Anybody who thinks that poorly escaped calls to stored procedures will prevent injection should be fired immediately.


    So...you're saying that some of the code included as part of a Daily WTF post isn't actually very good code?

    Have the site owners been informed?
  • sagaciter 2012-04-10 05:48
    lol omigosh frist!!11!!
  • java.lang.Chris; 2012-04-10 06:51
    Coyne:
    I think the visibility enumeration needs a few more enumerations. These come to mind: Sort of Hidden, Cleverly Hidden, Poorly Hidden, Extra Hidden, Forever Hidden, Optimally Hidden, Resolutely Hidden, Nervously Hidden, Unbelievably Hidden.


    You've missed the ultimate form of invisibility for a document - SavedToSharepoint
  • mmx 2012-04-10 06:59
    >> Maybe so, but s.ToString() is redundant, and what's left is simple enough that you might want to compact it into one line:


    s.ToString() is surely redundant, might also be a remnant of some refactoring or copy/paste, but is still very minor, not a WTF for sure unless that specific developer wrote that all the time.

    I'm against compacting that into one line, which gains nothing and complicates debugging. We can debate that, of course, but I wouldn't call WTF on that code at all.


    I also infer that EvalToString does some kind of "EVALUATION" of the statement argument. Like you can pass, say "=A1+B2" or "=$sdjfhskdfh" or whatever valid expression in whatever sublanguage it is, and it returns a value of some kind; otherwise it would probably be named "ConvertToString".
  • Qvasi 2012-04-10 08:08
    L.:
    Programming 101:
    if (!file_exists($dir) || !is_dir($dir))
    if (!file_exists('test') || !is_dir('test'))
    if (!TRUE || !FALSE)
    if (FALSE || TRUE)
    if (TRUE)

    So if 'test' exists and is not a dir, a dir named 'test' will be created?


    No. A dir will be created unless both a dir and a file exist with the name, and there will be an error.


    Assuming this is php, file_exists will return true if either a file or directory exists; thus is_dir() == true implies file_exists() == true.
  • Nagesh 2012-04-10 08:41
    In 1986, India was being given 7 Polaroid camera from British govrenment. Most of the fotos are being lost. :(
  • oheso 2012-04-10 09:18
    AB:
    Hey, as a developer I may be terrible and devoid of any structure, but I resent being compared to that code.


    Thank you.
  • oheso 2012-04-10 09:18
    Jay:
    I don't see a WTF here at all. They have some function that does we know not what to a string, and gets a result that is another string. In at least some cases, this result is, in fact, parsable as an integer, so they have a second function that calls the first, gets the result, and then parses it to an integer. This seems like plain good coding to me. What would be preferable, to make another function identical to EvalToString except that it returns an int? Duplicating who knows how much code?


    Geoffrey, you used the wrong log-in today.
  • oheso 2012-04-10 09:28
    While you're all stumbling over yourselves to argue that EvalToString may or may not be a WTF, everyone seems content that there's an entire subroutine which is nothing more than a wrapper for int.Parse and doesn't even handle exceptions. int.TryParse, anyone?
  • ThingGuy McGuyThing 2012-04-10 09:47
    oheso:
    While you're all stumbling over yourselves to argue that EvalToString may or may not be a WTF, everyone seems content that there's an entire subroutine which is nothing more than a wrapper for int.Parse and doesn't even handle exceptions. int.TryParse, anyone?


    Combined with your last post, I'm beginning to think that it is you who is Geoffrey.

    * evalToString almost certainly evaluates its argument, and returns the result of that evaluation, not the original string

    * evalToInteger isn't just a wrapper for int.parse, since it also performs the aforementioned evaluation

    * Not everyone wants to handle exceptions immediately. Especially in a case like this where the appropriate response is probably to just let the FormatException bubble up to the caller.
  • PiisAWheeL 2012-04-10 09:57
    java.lang.Chris;:
    Coyne:
    I think the visibility enumeration needs a few more enumerations. These come to mind: Sort of Hidden, Cleverly Hidden, Poorly Hidden, Extra Hidden, Forever Hidden, Optimally Hidden, Resolutely Hidden, Nervously Hidden, Unbelievably Hidden.


    You've missed the ultimate form of invisibility for a document - SavedToSharepoint
    Now THAT is file_not_found.
  • Loren Pechtel 2012-04-10 10:45
    FragFrog:
    Loren Pechtel:
    What's the problem with:

    public static int EvalToInteger(string statement) {
    string s = EvalToString(statement);
    return int.Parse(s.ToString());
    }

    Note that the supplied string is named "statement"--I would assume EvalToString is doing some sort of evaluation, it doesn't just return what was passed in.

    If there are any sort of naming conventions there, EvalToString will convert something to a string, just like EvalToInteger converts something to an integer. So now you have a string, which is evalled as a string, and then its string value is parsed.

    That doesn't sound the least bit redundant to you?

    Mind you, now I am assuming that a string variable's value is equal to its .ToString value. Would not surprise me much if there is some weird null condition where that is not the case.


    Given the variable name of "statement" I'm thinking that the original might contain some sort of markup rather than the final data. Say "Dear @Salutation @Firstname @Lastname".
  • Richard 2012-04-10 11:15
    Why not replace with a blank string?

    replace('/', '')
  • DaveK 2012-04-10 12:32
    Fred:
    VeryHidden Very Hidden. When the item is serialized out as xml, its value is "veryHidden".
    Were it not for this line, the table could have been completely machine generated. But the three variations on "very hidden" suggest at least the possibility that some human drudge-drone was involved -- but not human enough to realize that an actual explanation might be useful.
    Actually, if you follow the link to the original version on MSDN, you'll see that the poster has bogusly reformatted the table to make it look more stupid than it actually is. There are only two columns in the real one, "Member name" and "Description".

  • DaveK 2012-04-10 12:38
    PiisAWheeL:
    Richard:
    PiisAWheeL:

    And since we're on that topic... can we stop using the same 7 pictures of a 3rd world country over and over again everytime we want to demean the quality of work or people from india?
    I don't know why you consider this picture demeaning. They have shoes (sorta) paved roads and even, it would appear, intermittent access to running water. Sounds like one of those Chamber of Commerce things trying to praise a place, not put it down.
    I didn't consider the picture demeaning. Its context (fake nagesh using it with bad English and not saying anything funny) was designed to be demeaning. But that is not my point. There are like 7 of these pictures that get used in EVERY FUCKING THREAD! It's called the internet. Go find something a little more original and less worn out. That picture needs an arrow to the knee.
    Adblock: "http://www.nytimes.com/images/2011/11/20*". There, a legitimate use for an adblocker even on an advertising-supported website!

  • file minion 2012-04-10 16:01
    PiisAWheeL:
    Jay:
    I'm really surprised that no one has pointed out the obvious error in the enum. Of course there should be FOUR values: Visible, Hidden, VeryHidden, and FileNotFound.
    Wrong wrong wrong! It's an enum, not a BOOL. True, False, and File_not_found are the 2 BOOLEAN VALUES we can pick from. It has no place in enums.

    Although, if hidden well enough, file may not be found...


    FTFY
  • L. 2012-04-11 05:25
    Qvasi:
    L.:
    Programming 101:
    if (!file_exists($dir) || !is_dir($dir))
    if (!file_exists('test') || !is_dir('test'))
    if (!TRUE || !FALSE)
    if (FALSE || TRUE)
    if (TRUE)

    So if 'test' exists and is not a dir, a dir named 'test' will be created?


    No . a dir will be created unless both dir and file exist w/ the name. and there will be an error


    Assuming this is php, file_exists will return true if either a file or directory exists; thus is_dir() == true implies file_exists() == true.

    Indeed . and that _IS_ scary . totally means you have to scan twice to know if it's really a file . good going php base functions ^^
  • J-L 2012-04-11 13:34
    WhoMe:
    What exactly is wrong with this?

    $dir = 'test';

    if (!file_exists($dir) || !is_dir($dir))
    {
        exec('mkdir '.$dir);
    }



    The problem is that the "||" should be "&&". The way it is now, it's a little like saying:

    if (gender != "male" || gender != "female")
    {
        print("Error: Unknown gender!");
    }


    At first glance, you'd think this code would print an error message whenever it got an unexpected input, like "12" or something like that. But in actuality, every input is either not equal to "male" or not equal to "female" (or both), making the condition equivalent to "if (true)", making users wonder why "male" and "female" are such esoteric genders.

    So in the original code, the exec() command will get run no matter what, which is probably not what the programmer intended.
  • Qvasi 2012-04-12 03:42
    L.:

    Indeed . and that _IS_ scary . totally means you have to scan twice to know if it's really a file . good going php base functions ^^


    Well there is is_file() that returns true if the file exist and it's a regular file and is_link() that does the same for symbolic links.

    The file_exists() function returns true if there is anything (file, dir or link) with the supplied name in the directory, probably named as such because in Unix/Linux "everything is a file"...

    Fixing this code (assuming there may be a file or link called "test") is not as easy, if the rest of the code assumes that a directory named "test" is created after this code is run... (But in practice; the directory will probably be controlled by this application anyway, so the assumption that no regular file or link with this name is present is probably safe)
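The file/dir/link cases argued over in the last few posts, and the mkdir fix Qvasi describes, as an added example that is not part of any post in this thread. It is a Python transliteration, not PHP: os.path.exists stands in for file_exists(), os.path.isdir for is_dir() and os.path.islink for is_link() (assumption: all three follow symlinks the way the PHP functions do). truth_table() builds each filesystem state in a temporary directory and evaluates the original condition against it; ensure_dir() replaces exec('mkdir '.$dir) with a library call, so no shell is involved should the name ever come from somewhere other than a literal, and a name already taken by a non-directory fails loudly instead of leaving mkdir's error unnoticed.

```python
import os
import tempfile


def original_condition(path: str) -> bool:
    """`!file_exists($dir) || !is_dir($dir)`, with os.path.exists for
    file_exists() and os.path.isdir for is_dir() (assumption: both follow
    symlinks, as the PHP functions do)."""
    return (not os.path.exists(path)) or (not os.path.isdir(path))


def truth_table() -> dict:
    """Evaluate the condition against every kind of object that can occupy
    the name. Returns {state: condition_result}; states are constructed
    here in a throwaway temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "missing")
        as_file = os.path.join(tmp, "as_file")
        as_dir = os.path.join(tmp, "as_dir")
        open(as_file, "w").close()
        os.mkdir(as_dir)
        cases = {"missing": missing, "file": as_file, "dir": as_dir}
        try:
            link_to_dir = os.path.join(tmp, "link_to_dir")
            dangling = os.path.join(tmp, "dangling_link")
            os.symlink(as_dir, link_to_dir)
            os.symlink(missing, dangling)
            cases["link_to_dir"] = link_to_dir
            cases["dangling_link"] = dangling
        except (OSError, NotImplementedError):
            pass  # platform without symlink support: skip those two rows
        for state, p in cases.items():
            results[state] = original_condition(p)
    return results


def ensure_dir(path: str) -> None:
    """Replacement for exec('mkdir '.$dir): no shell, so path characters
    can never become a command; idempotent when the directory exists;
    refuses (rather than silently failing) when a file or link holds the
    name. os.makedirs(path, exist_ok=True) behaves the same way."""
    if os.path.isdir(path):
        return
    if os.path.lexists(path):  # a file, or a link (even a dangling one)
        raise FileExistsError(f"{path!r} exists but is not a directory")
    os.mkdir(path)


def exercise_ensure_dir() -> dict:
    """Run ensure_dir against the three interesting states and report."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        new = os.path.join(tmp, "new")
        ensure_dir(new)
        out["missing"] = os.path.isdir(new)
        ensure_dir(new)  # second call on an existing directory is a no-op
        out["dir"] = os.path.isdir(new)
        as_file = os.path.join(tmp, "as_file")
        open(as_file, "w").close()
        try:
            ensure_dir(as_file)
            out["file"] = "created"
        except FileExistsError:
            out["file"] = "refused"
    return out


if __name__ == "__main__":
    for state, fires in truth_table().items():
        print(f"{state:14s} condition is {fires}")
    print(exercise_ensure_dir())
```

The table shows the condition is true for everything except an existing directory (or a link pointing at one), which is exactly what is wanted for "create it if it isn't there"; the first disjunct is merely redundant, since a name that is_dir() must also file_exists(). The real defect is that exec('mkdir ...') then fails silently when a regular file or dangling link already owns the name, which the raising ensure_dir() makes visible.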
  • tin 2012-04-12 08:21
    java.lang.Chris;:
    You've missed the ultimate form of invisibility for a document - SavedToSharepoint


    I keep hearing about this Sharepoint, and even got asked to "set it up" once... I even installed it. But I still can't figure out WTF it's meant to be.
    I guess that makes it perfect Enterprise software?
  • Bob 2012-04-12 11:13
    That's not an ass.

    Also, I think your complimentary internet stalker is morphing into Molesworth.
  • IMil 2012-04-13 08:05
    pjt33:
    emurphy:
    ... on the same scale as BDate and EDate, where AFAICT the only WTF is that ToUpper() is unneeded.

    Does DRY mean anything to you?

    Come on, the code is repeated only twice.
    Creating an extra function for formatting would be justified only if the formatting was likely to change often, unless there are N more date fields initialized in the same way.
  • SockLess 2012-04-13 14:50
    SCSimmons:
    But by working together, they managed to create something that fails in cases of both malicious and normal users.

    We don't see the code for the stored procedure, but I'll bet dollars to donuts that if it does something like a last name search, it will fail when the user enters O'Connell, once the EXEC command has been ruthlessly mangled by this abysmal front-end coding. Whether it's still vulnerable to injection attacks depends a lot on how competent the person who coded the stored proc was; hopefully this person was in no way related to the front-end coders.
    Perhaps I'm missing something, but I'd expect the article's code to result in "exec spRequestInitechData 'O''Connel'" which is how you're supposed to escape single quotes. And thus it'll work quite well.

    Are you saying that "exec spRequestInitechData 'O'Connel" Would be in any way better? Admittedly, the code crashing might be a relief for all involved. Also, the inside of the SP doesn't have to be involved in an injection attack in this case.

    The really sad part is how easy it is to code this correctly ...
    I guess something involving prepared statements that is two or three times as long?
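The three outcomes this sub-thread argues about (no escaping crashes on O'Connell, doubling the apostrophe handles it, parameterising the value makes escaping moot) side by side, as an added example that is not part of any post in this thread. It uses Python and an in-memory SQLite table constructed here in place of spRequestInitechData, whose signature the page does not show; the concatenation logic is the page's C# line transliterated, and the doubled-apostrophe rule it relies on is the correct literal escape in both T-SQL and SQLite. The parameterised lookup is the shortest of the three, not "two or three times as long".

```python
import sqlite3

# Constructed sample rows standing in for whatever the stored procedure reads.
PEOPLE = [(1, "O'Connell"), (2, "Smith")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, last_name TEXT)")
    conn.executemany("INSERT INTO people VALUES (?, ?)", PEOPLE)
    return conn


def build_exec_string(text: str) -> str:
    """The page's C# concatenation, line for line: every apostrophe doubled
    inside a single-quoted literal (SQL Server itself is not run here)."""
    return "exec spRequestInitechData '" + text.replace("'", "''") + "'"


def lookup_raw(conn, last_name):
    """Concatenation with no escaping: the variant that breaks on O'Connell
    and lets a crafted value rewrite the WHERE clause."""
    sql = "SELECT id FROM people WHERE last_name = '" + last_name + "'"
    return [r[0] for r in conn.execute(sql)]


def lookup_doubled(conn, last_name):
    """Concatenation plus Replace("'", "''"), as in the article's code."""
    sql = ("SELECT id FROM people WHERE last_name = '"
           + last_name.replace("'", "''") + "'")
    return [r[0] for r in conn.execute(sql)]


def lookup_parameterized(conn, last_name):
    """The value travels beside the statement, never inside its text, so
    there is nothing to escape and no quoting rule to get wrong."""
    return [r[0] for r in conn.execute(
        "SELECT id FROM people WHERE last_name = ?", (last_name,))]


def compare(conn, last_name: str) -> dict:
    """Run the same input through all three strategies; a statement the
    engine cannot parse is reported as 'syntax error' instead of raising."""
    out = {}
    for name, fn in (("raw", lookup_raw),
                     ("doubled", lookup_doubled),
                     ("parameterized", lookup_parameterized)):
        try:
            out[name] = fn(conn, last_name)
        except sqlite3.OperationalError:
            out[name] = "syntax error"
    return out


if __name__ == "__main__":
    db = make_db()
    print(build_exec_string("O'Connell"))
    for probe in ("O'Connell", "x' OR '1'='1"):
        print(repr(probe), compare(db, probe))
```

For O'Connell the raw build is a syntax error and the other two find the row; for the probe `x' OR '1'='1` the raw build returns every row while the doubled and parameterised forms correctly return none. In ADO.NET the parameterised shape is a SqlCommand with CommandType.StoredProcedure and a SqlParameter per argument, which is no longer than the string-building line it replaces.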
  • Daniel15 2012-04-15 04:00
    that guy:
    The first one looks like a part of this code, probably not a WTF.
    http://odetocode.com/code/80.aspx

    Looks like this is the case - That EvalToInteger is identical. In which case, EvalToString already has a .ToString() call, so doing s.ToString() in EvalToInteger is redundant.
  • Ahto 2012-04-16 10:00
    No, you can't. Both parameters of String.replace() are characters, not strings.

    If you meant String.replaceAll(), then yes. But this was added to Java in 1.4, so it may or may not have been available when the code was first written. (And I know of a few servers that still haven't been upgraded from 1.3, so the code does not even have to be ancient for that to be true.)
  • wgeek 2012-04-26 16:36
    SCSimmons:
    string sql = "exec spRequestInitechData '"
    + txtData.Text.ToString().Replace("'", "''") + "'";

    Sometimes, I can't imagine the thought processes that lead to the WTF. I think it may be scarier when I can.

    "We should escape the apostrophes when we build the SQL command, to prevent injection attacks."
    "Actually, I've heard that the accepted standard is to use stored procedures."
    "Oh. Hey, I've got an idea. Let's do both! Belt and suspenders, right?"
    "Brillant!"

    No, not at all.

    That statement is building a string to be sent to the DB engine for parsing.

    Exec spInitechData('O'Bryan');

    See a problem with that statement?

    Man, the quality of the reviewers on this site has really slipped lately. Y'all youngsters need to put on your thinking caps and think things through, and not be so quick to slam code that doesn't "make sense" to you.
  • wgeek 2012-04-26 16:44
    SockLess:
    SCSimmons:
    But by working together, they managed to create something that fails in cases of both malicious and normal users.

    We don't see the code for the stored procedure, but I'll bet dollars to donuts that if it does something like a last name search, it will fail when the user enters O'Connell, once the EXEC command has been ruthlessly mangled by this abysmal front-end coding. Whether it's still vulnerable to injection attacks depends a lot on how competent the person who coded the stored proc was; hopefully this person was in no way related to the front-end coders.
    Perhaps I'm missing something, but I'd expect the article's code to result in "exec spRequestInitechData 'O''Connel'" which is how you're supposed to escape single quotes. And thus it'll work quite well.

    Are you saying that "exec spRequestInitechData 'O'Connel" Would be in any way better? Admittedly, the code crashing might be a relief for all involved. Also, the inside of the SP doesn't have to be involved in an injection attack in this case.

    The really sad part is how easy it is to code this correctly ...
    I guess something involving prepared statements that is two or three times as long?


    You didn't miss anything. He's an idiot. The real WTF anymore on this site is the remarkable lack of comprehension, coupled with a true sense of arrogance.