  • Scott Simons (unregistered)

    I know it was mentioned before and is kind of off topic... But, you should really wrap your image tag in a block level element like a div. The span doesn't look right in Firefox.

  • skicow (unregistered)

    Well at least he isn't displaying that message to the user.

    ACK!

  • Dave Mays (unregistered)

    I think this is less WTF and more hilarious. It seems like something that probably got put in at 3:00 am when the coder was a bit punchy. Without further context it's hard to say whether this is truly WTF or not.

    The most WTF part is the "magic numbers" in the code. Tsk, tsk, tsk.

  • Guayo (unregistered)

    Shit happens

  • WanFactory (unregistered)

    reminds me of a block of code I once found...

    catch (TomcatException e) {
    // what to do?
    }

  • Manni (unregistered)

    Maybe I was dropped too much as a child, but I'm not seeing the WTF. I guess you could argue that it's bad form to store passwords in clear text in a database. It looks almost like you're putting this one up because he uses a four-letter word in his comments. Hell if I were to submit every time I did that in my code you'd have enough material to last to 2005.

    The only other thing I see is that he doesn't do anything if the account isn't found. This may not be a problem as there could possibly be some code later that says

    If UserName = "" Then
    Response.Write "ERROR: Your account was not found"

    ' Processing stops here

    Else
    ' continue to process based on this UserName

    End If

    I'll gladly withdraw my opinion if someone shows me where I missed the WTF.

  • Manni (unregistered)

    Ooh I think I get it now. I don't have a whole lot of experience with web design software packages, but those buttons at the bottom for "Design" and "HTML" look eerily like FrontPage. If that's the case, then this is clearly a WTF as FrontPage was designed to let even the most retarded user throw together a web page as long as they can muddle their way through MS Word.

  • Guayo (unregistered)

    @Dave Mays

    Error handling aside... it's a WTF... concatenating a cookie value like that.

  • Chris (unregistered)

    You think the comment is bad? I should have saved something a coworker wrote a few years ago. Our company was consulting on a project for a client, and he was responsible for one of the apps. I always made a habit of checking his checkins to make sure he didn't break anything. Unfortunately I missed one of his checkins before it was delivered. It looked like something like this:

    If SomethingUnexpected Then
    MessageBox("You're fucked.")
    Else
    DoStuff()
    End If

    I had him ship an updated EXE to the client that same morning. Thankfully SomethingUnexpected was a very rare condition, and they didn't encounter it before it was eradicated. But if they look back in the VSS history they'll find his change. :)

  • Alex Papadimoulis (unregistered)

    To answer Manni, the response I first elicited was "hahaha" instead of "WTF!" There is nothing wrong with silently eating the error, but that should be indicated, something like: "The account is not needed, and the user will be redirected at the end of the page."

    Or, as they'll talk about after the debates tonight, "Style" vs "Substance." Whatever that means.

  • Anonimo (unregistered)

    Oh My God, connection storage in application variable!!!

  • Jason Walker (unregistered)

    I especially love the SQL ordering.

    Order By UID (But only where UID = 'XXX').

    I guess that it would be useful if he.... or he.... ok, yeah, it'd never be useful.

    Maybe it's a de-optimization thing. You know, like a Thread.Sleep(5000) to make it appear to the user that your app is actually doing something.

  • josh (unregistered)

    @Chris: Now that is beautiful.

    @Scott Simons: a div won't work (too wide if the image is narrower than the page), you need a floating element (causes other awkwardness) or just put the border style on the img element itself.

  • Rob (unregistered)

    Perhaps the 'Order By UID' is for use during some future SQL injection attack...

  • WanFactory (unregistered)

    Ah yes, the order by defense to SQL injection.

    So when someone's userid winds up being: 53 or 1=1 --

    they will get that special userid of zero which is a false-admin account where they start doing auditing to find out what the culprit is doing. Unfortunately:

    1. you just know someone's gonna stick in a real admin account at -1
    2. the injection attack will comment out the order by

    Though I sometimes wish people who swallow errors would instead swallow their%@!X(~NO CARRIER

  • Zka (unregistered)

    Leaving empty branches - it happens to everyone eventually.

    But sorting a resultset of 0 or 1 rows is WTF :)

  • Rob Chartier (unregistered)


    Let's hope that the Application("SSGDBCS") is a connection string (even though you can kiss connection pooling goodbye) and not an actual connection object....

  • Ron (unregistered)

    I think that if statement is so hilarious because it reads like English. It's like we're sharing in a private joke.

    I'd also like to point out that I bet some editing happened on that file in Notepad because the casing on the keywords is inconsistent and I'm guessing Visual Studio does auto-casing when it can help it.

  • Jeremy Davis (unregistered)

    Scott Simons, josh, and Alex. If you really want a border on an img tag, just style a border onto the img tag. Works beautifully.

  • Manni (unregistered)

    I'll concede that the "ORDER BY" is kinda stupid. Actually there's no guarantee that it will return only 0 or 1 items in the results, because UID could easily be a column that doesn't force unique values. Someone could screw up the database and this query will return 100 rows, of which this script will only take the first.

    The more I think about it, there are enough small WTFs here that it adds up to one big one.

  • David Grant (unregistered)

    Agreed on the magic numbers.

    If UserID < 10
    SamplerPlatter = 91
    Else
    MonsterTruck = 38
    End If

  • Fubarer (unregistered)

    How about this?

    AcctSQLQuery = "SELECT * FROM Accounts WHERE UID=" & UserID & " LIMIT 1"

    At least, that's what works in MySQL. Dunno about other RDBMS's.

  • Richard Tallent (unregistered)

    Dear sir:

    My account is not working. I typed it in and it did nothing at all. Please fix it. My user ID is:

    0 DELETE FROM accounts SELECT null FROM accounts

    However, my other userid is working just fine, and thank you for extending my administrator access, I have really enjoyed it. That user ID is:

    0 OR accesslevel=(SELECT MAX(accesslevel) FROM ACCOUNTS)
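
The concatenation problem raised in the comments above, shown as an added example (not code from the article or from any commenter): the cookie value spliced into the query beside a validated, parameter-bound lookup. It uses Python with an in-memory SQLite database rather than the ASP of the original; the `Accounts` rows are constructed, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Accounts (UID INTEGER, UserName TEXT, AccessLevel INTEGER)")
    conn.executemany(
        "INSERT INTO Accounts VALUES (?, ?, ?)",
        [(0, "carol", 3), (53, "alice", 1), (54, "bob", 1)],
    )
    return conn

def lookup_concat(conn, cookie_value):
    # The pattern the comments criticise: cookie text spliced into the SQL.
    sql = "SELECT UID, UserName FROM Accounts WHERE UID=" + cookie_value + " ORDER BY UID"
    return conn.execute(sql).fetchall()

def lookup_param(conn, cookie_value):
    # Validate the cookie as an integer, then bind it as a parameter.
    try:
        uid = int(cookie_value)
    except (TypeError, ValueError):
        return None  # malformed cookie: treat as "account not found"
    rows = conn.execute(
        "SELECT UID, UserName FROM Accounts WHERE UID = ? ORDER BY UID", (uid,)
    ).fetchall()
    # UID may not be declared unique; refuse ambiguous matches
    # instead of silently taking the first row.
    return rows[0] if len(rows) == 1 else None

if __name__ == "__main__":
    db = make_db()
    crafted = "53 or 1=1 --"           # the value quoted in the thread
    print(lookup_concat(db, "53"))     # the single matching row
    print(lookup_concat(db, crafted))  # every row: WHERE is always true, ORDER BY is commented out
    print(lookup_param(db, "53"))      # the single matching row
    print(lookup_param(db, crafted))   # None: rejected before reaching the database
```

Appending `LIMIT 1` to the concatenated string, as suggested earlier in the thread, does not change the outcome, because the trailing comment marker removes it along with the `ORDER BY`.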

  • Richard (unregistered)

    I've got to hold my hands up to doing this more than once. Although never in a system where it would be seen.

    Got caught out by a third party consultant a month ago, who looking through some one off csv to database insert scripts decided to show the client:
    If unbound(arrNameEmail) <> 1 then
    ' do nothing line is f*cked
    Else
    ....

    Of course the real problem was that I should have deleted the quick script after running it, after all it's not doing wrong that's the problem, it's getting caught out.

    I shall now retire to the corner and hang my head in shame.

  • RichB (unregistered)

    Besides all the many other things wrong with this code, no-one has yet mentioned that it stores passwords in the database...ever heard of hashes and salt?

  • StuP (unregistered)

    We have some scientific software around here that measures tiny forces (in nanonewton (nN), piconewton (pN)). One of my colleagues recently changed the scale to femtonewton (fN, 10^-15 newton) and was greeted by an alert box "Fuck you and your femtonewton, OK/Cancel". An interesting one to find in the production code...

  • Thomas Eyde (unregistered)

    Agreed on the database access. There's the real wtf.

    If it doesn't matter whether the account is found or not, then the if should be written as:

    if not AcctRS.EOF then
    ...
    end if

    And drop the else part. It would be better, of course, to extract the whole thing to a GetAccount() method. Then, perhaps, it would be more obvious what to do with a) an empty account, b) a not found account.

  • Mark Allison (unregistered)

    Also, if the Accounts table changes structure, the code could break. SELECT * is a big no, no. You will get back more, or less columns than expected.

    Seems like he will get away with it in this instance though...

  • CrashC (unregistered)

    Yeah but... at least it wasn’t a msgbox.
    I did that in a simple script for the HR dept. Spent way too long debugging someone else’s vbs script... and put a couple of msgbox("You suck!") and the like... (being the best way to debug a vbs)

    Needless to say... One wonderful payday, I spent an afternoon BSing my way out of a sexual harassment complaint.

  • Miszou (unregistered)

    CrashC:
    I did a similar thing once with a debugging messagebox that said "Incorrect count".

    Unfortunately I misspelt "count". :(

    Luckily it was in-house code and the poor soul who received the message thought it was quite amusing.

  • Bu (unregistered)

    OH MAN! This reminds me of a time when I wrote firmware for a smart-terminal that I designed. There was leftover space in the boot EPROM, so I filled the remaining space with the phrase "UpYours!UpYours!UpYours!UpYours!..." thinking that no one would ever see that.

    Well, apparently, one of our customers called one day asking "What does it mean when you turn the thing on and it says 'UpYours!' like a thousand times and keeps scrolling that message?"

    Needless to say, I nearly crapped my pants from laughing so hard, but then had to explain to the boss why my terminal was exhibiting such offensive behavior. :)

  • rvn (unregistered)

    @josh: divs can float too.
    Try
    display: inline;
    or
    float: left;
    for the styles. CSS is a thing of beauty! ;)

    (and yes, a border definition for img will do just as well)

  • Ben (unregistered)

    Did anyone else notice that it seems that if the user does NOT have the cookie, they're automatically logged in as (what seems to be) Admin?

    So, you go to the site the first time, just get logged in with access level 10?

  • me (unregistered)

    Perhaps AccessLevel 10 isn't admin but a lower level of access

  • w00t (unregistered)

    Fancy.

    But this is better:

    public void main (String args[]) {

    try {
    all code here
    }
    catch (Exception e) {
    //ignore <-- this comment here is very important!
    }

    }

  • Espen Antonsen (unregistered)

    "Let's hope that the Application("SSGDBCS") is a connection string (even though you can kiss connection pooling goodbye) and not an actual connection object.... "

    You will still benefit from pooling. Whether the connection string comes from a local variable or application variable is irrelevant.

  • Shawn (unregistered)

    I am curious why this coder chose the number '3'? It is about as baffling a conundrum as why 789.
