• Jazz (unregistered) in reply to Anonymous
    Anonymous:
    Herein lies the problem with ORMs. The SQL is actually easier to write, maintain, and understand. And since NULL cannot equal anything, it would probably just take care of this. Should have been a stored procedure. ;)

    Captcha: decet. As in ORMs are deceitful.

    The ORM has nothing to do with this. The programming error would have been the exact same WTF even if it had been written in raw SQL:

    String criteria_sql = "SELECT * FROM `employee_data` ";
    if( requestUser != null ){
        if( requestUser instanceof Employee ){
            Employee employee = (Employee) requestUser;
            criteria_sql = criteria_sql + "WHERE `id` = " + employee.id;
        }
    }
    return executeQuerySomehow( criteria_sql );
    
  • (cs)

    Great. The only thing missing is some obscure piece of regex and the trifecta is complete.

  • (cs) in reply to Rick
    Rick:
    Hell it might even go viral!
    What, like H5N1 'flu, HIV or Ebola? Thanks a bunch!
  • Pablo (unregistered)

    This is a great example of using failsafes - if your authentication ever fails, you can still safely access all of your data!

  • (cs) in reply to Jack
    Jack:
    I thought OOP was supposed to conceal the details of the implementation, and only expose an interface where you get and set values and the class takes care of figuring out how to make that happen.
    That's procedural programming with classes, often mistaken for OOP.
  • Meep (unregistered) in reply to faoileag
    faoileag:
    Jack:
    if (requestUser == null) { requestUser = 'xsmith'; }
    requestUser is not an instance of String, it's an instance of User

    The correct line would therefore have to be something like: requestUser = new User('some_dummy_name');

    No, it would be requestUser = User.makeInvalidUser(), and it would return a subclass of User that overrode the method isAuthenticated to return false. Or it could even be a special guest user that exists but simply has no permissions.

  • Gunslinger (unregistered) in reply to dkf
    dkf:
    Rick:
    Hell it might even go viral!
    What, like H5N1 'flu, HIV or Ebola? Thanks a bunch!

    Thanks Obama!

  • löchlein deluxe (unregistered) in reply to Ken
    Ken:
    bug:
    Criteria criteria = new Critera();
    Is that the new three-way boolean expression I've been hearing about?
    No, it's the way you have to name things in **ails if you want auto-generated code to work. Oh how I wish I was kidding.
  • Norman Diamond (unregistered)
    Lorne Kates:
    (who can trust ctrl-c / ctrl-v in these hectic, Enterprise Cloud-based times?)
    Embarrassingly enough for me, after having advocated ctrl-c / ctrl-v in this forum a few weeks ago, I have to admit that it cannot be trusted.

    I took the hard drive out of a PC whose backlight burnt out but still had Windows XP working when an external monitor was attached.

    I used a USB-to-SATA cable to connect the hard drive to a PC running Windows 7.

    I opened Windows Explorer, selected a bunch of folders, ctrl-c, explored to a folder on the internal drive of the new PC, ctrl-v.

    Windows Explorer told me about 30 times that it couldn't copy files because the filenames were too long. Sometimes it showed part of the base filename but it didn't show the entire path. Windows suggested that I change the filename, but didn't provide any button or edit box to do so, just skip or cancel or maybe repeat the fail without change. Sometimes I could guess where the original files were. I didn't handwrite a complete list. Well, that was yesterday. Today is worse.

    Today I happened to look at a folder where Windows Explorer did copy files to. A folder where Windows Explorer did not complain about invalid filenames or inability to copy files. A folder where Windows Explorer pretended to succeed.

    Today I noticed that some filenames differed from the originals.

    ctrl-c / ctrl-v? In Windows 7? Just say no.

  • my name (unregistered)

    Happened into a similar feature at the university some 15 or so years ago.

    There were old macs using some text terminal software to connect to a system named LADOK, a system which stored all information on completed and ongoing courses. These terminals were available to any student (well really anyone at all) in case you wanted to check your grades for that Haskell introduction course.

    To retrieve your information, you entered your 10-digit personal number, similar to social security number I guess, only that the 6 first digits are your birth date. By substituting the last four digits with spaces you could enter any date and retrieve a list of students born on that date, their full personal numbers and their grades. Can't recall if it "only" reported students at the local university or if it was for the whole of Sweden.

  • Gyxi (unregistered)

    It's a classic scenario. They had correctly functioning code without the check on whether the user is null. Then someone entered a non-existing user name and the system gave a NullPointerException. A junior developer was told to fix the error and did so by checking for null first.

    • sagaciter, n. a person that likes to tell quotations from old sagas.
  • Mike (unregistered) in reply to bug

    Buffalo buffalo buffalo?

  • Mike (unregistered) in reply to faoileag

    Probably just tested with a few users and yep it only showed their data so ... Then our WTF guy decided to use the webservice directly rather than go through the page (which might enforce login at the website level) and didn't use it "correctly". A lot of edge cases never get tested at a lot of places because "it will never happen".

  • Neil (unregistered) in reply to Jazz
    Jazz:
    The ORM has nothing to do with this. The programming error would have been the exact same WTF even if it had been written in raw SQL:
    String criteria_sql = "SELECT * FROM `employee_data` ";
    if( requestUser != null ){
        if( requestUser instanceof Employee ){
            Employee employee = (Employee) requestUser;
            criteria_sql = criteria_sql + "WHERE `id` = " + employee.id;
        }
    }
    return executeQuerySomehow( criteria_sql );
    
    That's not raw SQL, you're still casting the user to an employee on the client side. You want
    SELECT * FROM employee_data INNER JOIN users ON partner WHERE users.id = ?
    If the user isn't an employee then his partner is null and you get no records.
  • Neil (unregistered) in reply to Norman Diamond
    Norman Diamond:
    I opened Windows Explorer, selected a bunch of folders, ctrl-c, explored to a folder on the internal drive of the new PC, ctrl-v.
    So I take it you'll be using ROBOCOPY from now on?
  • (cs)

    Easy to fix:

    if (requestUser == null) throw new SecurityException("Nice try, smartass!");

    Bonus points as SecurityExceptions are logged by the App Server.
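
The fail-open query construction discussed in this thread, next to a deny-by-default version, as an added example that is not part of any comment or of the original article's code. All class and method names are hypothetical, the inputs are constructed, and no database is touched: each method only returns the SQL text and bind parameters it would run.

```java
import java.util.List;

// Added example: hypothetical names throughout; nothing is executed against a database.
public class EmployeeQueryDemo {
    static class User { }
    static class Employee extends User {
        final long id;
        Employee(long id) { this.id = id; }
    }
    record Query(String sql, List<Object> params) { }

    // Fail-open, as in the thread: the WHERE clause is only added on the happy path,
    // so a null user or a non-Employee user gets the unrestricted query.
    static Query failOpen(User requestUser) {
        String sql = "SELECT * FROM employee_data ";
        if (requestUser != null) {
            if (requestUser instanceof Employee) {
                Employee employee = (Employee) requestUser;
                sql = sql + "WHERE id = " + employee.id;
            }
        }
        return new Query(sql, List.of());
    }

    // Fail-closed: anything that is not an Employee is rejected before a query
    // exists, and the id is bound as a parameter instead of concatenated.
    static Query failClosed(User requestUser) {
        if (!(requestUser instanceof Employee)) { // instanceof is also false for null
            throw new SecurityException("no authenticated employee on request");
        }
        Employee employee = (Employee) requestUser;
        return new Query("SELECT * FROM employee_data WHERE id = ?", List.<Object>of(employee.id));
    }

    public static void main(String[] args) {
        User[] constructed = { null, new User(), new Employee(42) }; // constructed inputs
        for (User u : constructed) {
            String who = (u == null) ? "null" : u.getClass().getSimpleName();
            System.out.println(who + " fail-open   -> " + failOpen(u).sql());
            try {
                System.out.println(who + " fail-closed -> " + failClosed(u));
            } catch (SecurityException e) {
                System.out.println(who + " fail-closed -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A null check alone would still leave the non-Employee case unrestricted, which is why the guard tests for the one type that is allowed rather than for the one value that is not.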

  • OOP?!? (unregistered) in reply to pjt33
    pjt33:
    Jack:
    I thought OOP was supposed to conceal the details of the implementation, and only expose an interface where you get and set values and the class takes care of figuring out how to make that happen.
    That's procedural programming with classes, often mistaken for OOP.

    Unfortunately, sometimes that's all you want in these OOP languages, and so you end up creating some terrible classes.

  • Leonidas (unregistered)
    <!-- Madness? This is Sparta!!! -->

    Something something akismet. Suscipere. Frist? First? Fstir?

  • EsotericNonsense (unregistered)

    Well, I don't see what the big problem is; it's a one-line fix.
