Admin
Bind variables? How do you guys insert data into the db? "Please select your bank account number from the list"?
Admin
Whoa, you're jumping the gun here. SQL injection has nothing to do with concatenation per se. He didn't mention using user input or any other form of input that could be altered by someone with bad intentions, for concatenating a query. Furthermore, even if you use user input, concatenating can still be very useful as long as you know about the risks of SQL injection and prevent them from happening.
Concatenation of queries can easily be done without the risk of SQL injection. That would be why I wouldn't hire you.
Admin
what? hm, can I have the job, I didn't understand anything of this joke, so I couldn't plagiarize anything
Admin
You were trying to be funny or just plain stupid?
Granted, that's perl (or thereabouts) but you should get the idea. Now you may freely set your account number to '; drop database' or whatever and you're SQL-injection proof. Of course you must validate the data anyway but for different reasons.
BTW, I'm Polish too, but don't kiss me :P
Admin
Man what a bunch of jerks.
Admin
I have seen worse. At university we had a test in material science, I think it was about wolfram steel. One girl had phenomenal memory and wrote a flawless essay describing production, use, etc. I mean she remembered all sorts of percentages, chemical equations and so on. The exam was a closed-book exam, where we were guarded by a number of people against copying.
The professor failed her, because he meant that it was impossible to write such an essay without copying.
Again - too good of an answer.
Admin
They missed a talented programmer
Sal http://www.prankvideoz.com
Admin
I think your answer is spot on. Anything less is ... well, not really impressive though. To Concatcorp, I think I won't get any product or service from them for hiring someone with sub-par knowledge -- that's me. Peter is better off somewhere.
Admin
That's bullshit! Dude, post the name of the company so we can send her some nice emails and call them to express our 'views'.
Admin
You may be right. Similar situation once for me: saw a posting on craigslist from a recruiter for a job in my city, sounded like an ideal sitch for me (apparently there aren't many Mac developers where I live). Recruiter informed me I'd have to take a test when I got there, to see if I qualified. He also mentioned it would be in an obscure, dead programming language (like Latin is a dead language), but he gave me links to the language description on the web, and I studied it. Had never heard of it before, but it was created in the 60's and - having done just about every major language since the late 70's through now - it was pretty easy to grok. Went in for the test, sat in a conference room for an hour, finished the 20-question test in 30 minutes (basically, if you can code in Z80 assembler and "think like a Z80", the test was a joke), worried about one answer but decided not to change it, and then at the end of the hour the HR person came in and went over my answers in front of me. I knew I'd gotten most of the answers right, but they were looking for 90% and you always miss something. The HR person seemed a bit shocked, and I asked him how I did. He told me I'd gotten every question right, and it sounded like I was the first person ever to do so. Then he had me take a "personality" test which showed that I was aggressive and "dominant", not surprising since (A) I am, and (B) I'd been working as a contractor for five years. I spoke with a technical guy after that, who indicated that he wanted me to talk to the company president at a follow-up interview. Didn't hear from them again. Decided I had nothing to lose, called the number of the HR guy, and was told they "went with someone else". No explanation.
Epilogue: less than a year later the same recruiter "came across" my resume online and asked if I would be interested in this company in my city that was looking for someone with Mac skills and oh by the way they would make me take a programming test in an obscure language. I laughed at the email, called the recruiter up and reminded him of the previous year's experience. Told him that if they'd changed the HR person I might stand a better chance - the HR person seemed to have a dislike for me.
PS: Don't recall the name of the company, but the city is Boston and the dead programming language is "MUMPS", devised in the 1960's at/for Mass General Hospital.
Admin
OMF that's not only funny, but the same thing happened to me
Admin
right, and useremailaddr can be checked against
Admin
Very real possibility that they didn't want to pay enough to keep someone who really knows their stuff around.... also, the manager might be afraid of employees who are sharper than him.
Admin
What a crappy company!
Admin
I was thinking exactly the same thing.
Admin
Hmph, python already has the latter built in.
Grmbl, well at least I can still roll my own version of the former.
Argh. Just. Can't. Get. It. Ugly.
How about lovely 6502 on an ancient Acorn 8-bitter, the Real Programmer way.
Because EQUS creates 0 terminated strings and places them in memory sequentially, replacing the 0s with commas will effectively concatenate the strings in place. (though if you didn't want commas, you're out of luck :-P)
Unfortunately this was for a "home computer". I'd have to think of a PDP-11 variant or something if I want to make that sound profound.... but unfortunately PDP-11 was just before my time :-(
Admin
I once had an HR person in an interview ask me to "describe the use of constructors in ANSI C." I tried to explain to them that C didn't have constructors, but C++ did. Of course, they didn't know anything about programming. Their "technical guy" had created the test.
There was also a list of desired skills. From it, they asked me if I had E-M-A-C-S experience (they spelled it out).
Wasn't upset when I never heard from them again.
Admin
WTF KillKillKillKill
Admin
it was yellow imho
Admin
This is a common problem being faced by every company. When the pioneer employees and management are inferior in knowledge, these people make it a point to hire somebody inferior to them so as to safeguard their job. So the company suffers. It would be wise for every company to have their employees take some technical skill test from an outside company to check if they've employed lemons.
Admin
OUchhhhh.. what an answer...
Admin
$stmt = $db->prepare("SELECT foo FROM bar WHERE braz = :lart");
$stmt->bindParam(':lart', $lart);
$stmt->execute();
or
$stmt = $db->prepare("SELECT foo FROM bar WHERE braz = ?");
$stmt->bindParam(1, $lart);
$stmt->execute();
or
$stmt = $db->prepare("SELECT foo FROM bar WHERE braz = ?");
$stmt->execute(array($lart));
That's PDO which finally gives you some sane db-access in PHP. It's available since PHP 5.0 (via PECL) and default since 5.1.
http://php.net/manual/ref.pdo.php
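The difference between concatenating a value into the query text and binding it, using the PDO calls from the comment above and the account-number string quoted earlier in the thread. This is an added example, not part of the original thread; it assumes PHP 5.4+ with the pdo_sqlite driver, and the in-memory table, sample rows and function names are constructed for illustration.

```php
<?php
// Added example: concatenation vs. bind variables with PDO.
// Assumption: pdo_sqlite is available; table and rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE bar (foo TEXT, braz TEXT)");

// Seed rows through a prepared statement, so even the odd value is stored as plain data.
$ins = $db->prepare("INSERT INTO bar (foo, braz) VALUES (?, ?)");
foreach ([['alice', '1001'], ['odd', "'; drop database"]] as $row) {
    $ins->execute($row);
}

// Concatenation: the value becomes part of the SQL text the parser sees,
// so a quote inside it changes the statement instead of being compared.
function lookupConcat(PDO $db, $lart) {
    $sql = "SELECT foo FROM bar WHERE braz = '" . $lart . "'";
    try {
        return ['sql' => $sql, 'rows' => $db->query($sql)->fetchAll(PDO::FETCH_COLUMN)];
    } catch (PDOException $e) {
        return ['sql' => $sql, 'error' => $e->getMessage()];
    }
}

// Bind variable: the SQL text is fixed; the value travels separately
// and is only ever compared against the braz column.
function lookupBound(PDO $db, $lart) {
    $stmt = $db->prepare("SELECT foo FROM bar WHERE braz = :lart");
    $stmt->bindParam(':lart', $lart);
    $stmt->execute();
    return ['sql' => $stmt->queryString, 'rows' => $stmt->fetchAll(PDO::FETCH_COLUMN)];
}

foreach (['1001', "'; drop database"] as $lart) {
    echo "input: $lart\n";
    echo "concatenated: "; print_r(lookupConcat($db, $lart));
    echo "bound:        "; print_r(lookupBound($db, $lart));
}
```

Compare the `sql` field of each result: the bound statement text is identical for every input, while the concatenated text changes with the value.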
Admin
First, fuck Java! You need a 200 MB Java engine running in the background just to get that stuff done. And that with some 30% more code to write. You end up with a slow program that still needs at least some 100 MB on the client just for outputting "Hello World". Why not use a decent program in VB or Delphi which has quite good GUI editors (again: Java, aarrrrgh!!!) and the final exe is just less than 5 MB. Second, there should be an option to see useful debugging information for everything, not just SQL.
Admin
Take it from me, I'm in my 40s now. Nobody wants to work with someone smart. They just want to work with someone who would be cool to have a beer with.
The right answer would have been- "It's when you add something to something else, like this-and-this-and-this."
In my experience the smart people all work for the dumb people. I am not being cynical- this is how it really is. And I moved my way up in the company by making fun of the smart people and chumming around with the jocks and dummies. Now I'm CIO and I own a percentage of the company.
My smart friends all make less than half of what I do.
Admin
I was out of work a few years ago and heard about an opening with a local company. I called and went through a fairly extensive interview over the phone. They were very interested. I had all the skill sets they needed. A second phone call went well, but they needed a resume to pass around to the top brass. I agreed to drive one over the next morning since it was late in the day. The next morning I delivered the resume, took a tour of the company, and left with the assurance that I'd receive good news later in the day. The call that afternoon was quite a shock. They couldn't hire me because I was acquainted with too many people currently employed there. I never found out the reason for the sudden about face.
Admin
Corporations are simply out of control. . . I have been associated with this industry for the past 20 years and mostly they no longer want employees who can think, they want employees who are very compliant.
Compliance trumps intellect far too many times. Ask yourself: Is this the type of company you would really WANT to spend 8+ hours a day with??? (PUKE)
Admin
Typical response from supposed HR professional people who have no clue what IT workers really do.
Admin
On the surface I would have thought he cribbed the answer too -- it was an informal question, why not a 20 word answer?
If I got an answer like that, I would worry that the person was answering through rote memory, rather than having an understanding of the topic being discussed.
At the very least, more emails should have been exchanged.
Admin
I had two job opps that were similar.
Employer passed me over because I was not wearing a tie; didn't say I had to have on suit and tie, not to mention any company whose directions include turn left after the junkyard, the road we are on has no name..
Employer chose someone else because I was too cute.. Excuse me if I turn you on, doesn't mean I am bad for the job
Admin
That's what I call bad recruiting. Sorry Pete, I guess it was your unlucky day.
Admin
Give us absolute without-a-doubt proof that the actual incident/conversation/whatever happened exactly as written, so we can defend against the lawsuits filed against us for libel/slander/defamation of character/loss of income/whatever other reason.
Gee, if "Fixme" was your real name, and you did something stupid, and I posted about it in a public place and exposed you to ridicule, and you lost money or whatever, would you be really happy? I'd suspect not.
Admin
Sometimes you just can't win :(
Admin
I feel your pain.
The other one is being turned down for a three month contract because you're too senior.
Give me the job and I'll do a good job of it.
Admin
What a bunch of losers... Probably the boss didn't understand your answer and that scared him. Believe me, you deserve better than being with those losers...
Admin
I would sue them for slander/defamation.
Admin
Hello Paula, back again?
Admin
I may be in error, but doesn't the code sample shown contain a possible opening for SQL injection attack? I learned all about them in school, and that's why I only use text files to store data - you can't attack MY code!
Admin
"Cake or death?"
"Cake please"
"Well, we are all out of cake"
"So my choices are death or death?"
"Well we didn't expect such a run on cake, we only had three pieces."
I love Eddie Izzard
Admin
The company didn't call him back, his recruiter did. And recruiters will call to tell you that the company in question hired someone else.
Admin
But on a sent-home, pre-screening question, what makes you think one sentence is the right way to go? A single sentence is good for a phone screening, but for a take-home screening question, the attitude that this should be an essay question should be the norm. Otherwise why make it a take-home question? Giving a single sentence on something like this could very well mean you don't feel like the opportunity is worth your time.
Admin
Wow! Do you even write code for a living? Or are you one of the hr people from that story?
The subject was concatenation, and that's what he focused his answer on, rather than going off on a tangential discussion of user input validation and sanitizing data.
Admin
I had this happen to me about a week ago as well. They stated that my answers were too academic and I didn't know a thing about any CMS nor did I have any business writing for any business. I'm sure my past clients would disagree with it all but that's just how it goes sometimes.
Admin
So, in the 'real world' (when I was on the job) if I encountered something about which I had NO understanding, what is this employer expecting me to do? I should DEFINITELY NOT do some research (on the web) to get the answer. After all, applying knowledge and experience (not to mention using the rare skill of adequately explaining it to someone else) to solving a problem is NOT the reason you were hired!!
This sort of bureaucratic nonsense outrages me!
Admin
Last time I applied for work I went through a hiring agency focusing on tech jobs (aka sysadmining, programming etc). This temp agency uses an online test to check your aptitude in whatever field you want to work in (Win2003 server, C#, C++, jscript, whatever).
Dumb thing about this online site is that you can register temp accounts to "check out their tests" and I found most of them to be quite simple except that they always put in some stuff I knew I couldn't answer, such as insane templates and pointers and what not.
This was aptly solved with the use of a debugger to freeze the firefox.exe instance running the website (which in turn froze the timer on the test) which gave me a couple mins to google whatever I had problems with :P Turned out I scored very high on all tests and landed me a 35$/h job.
In my own logic the fact that I managed to freeze the test with a debugger and find the answer, thus showing a "high problem-solving aptitude", justified every single bit of it :P
(Ironically the captcha for this submission is: darwin).
Admin
bind variables are dynamic
Admin
I like you! Let's have a beer and I'll send you my internship application :P
Admin
My previous message was meant to be a reply to Carl's message.
Admin
I browsed the questions and available answers, and couldn't help it but to start lecturing him on what was so wrong with the whole thing. To be short: all questions were ambiguous, not clear-cutting a single subject; and worse, all of them, even when interpreted in the most generous way as "almost" non-ambiguous, had only a subset of the relevant answers he might come across. I explained some of the errors, giving examples of how one question should be in fact three, what should be the answers offered, etc., and completed by informing him that whatever statistical results he derived from those questions, they would be meaningless, and thus useless and not scientific. He thanked me and walked away.
Some minutes later, I noticed him asking a couple to answer the exact same questionnaire...