• (cs)

    At least the original author of this code KNEW it would end up on The Daily WTF!!

  • Ändrew (unregistered)

    What? I was going to enter the name of my new metäl bänd!

  • (cs)

    All together now, TRWTF is...

  • åäö (unregistered)

    Non-php coder here. Doesn't take any real php knowledge to see that it is bad, but could someone post a proper way to do the same?

  • phihag (unregistered) in reply to åäö
    åäö:
    Non-php coder here. could someone post a proper way to do the same?
    $convmap = array(0x80, 0xffff, 0, 0xffff);
    field_db_value = mb_encode_numericentity($field_db_value, $convmap, 'UTF-8');

    Taken from a stackoverflow answer by yours truly.

  • toot (unregistered)

    TRWTF is meta submissions [and PHP, of course]

  • Bob Bob (unregistered)

    TRWTF is intentionally writing bad code and then comment whoring.

  • I have Norwegian cousins (unregistered) in reply to ParkinT

    This will almost certainly be disallowed as spam, which is a shame because it's so so so relevant to Scandinavian special characters

    http://thechive.com/2012/09/26/gotta-hand-it-to-norwegians-we-cant-compete-with-this-video/

  • Warren (unregistered)

    TRWTF is that the author didn't short-circuit the situation and send it in him/herself. Although, now I write it, we can't be sure the code wasn't Juho's....

  • aaa (unregistered) in reply to phihag

    use of 'magic numbers'. Ironic.

  • (cs) in reply to phihag
    phihag:
    åäö:
    Non-php coder here. could someone post a proper way to do the same?
    $convmap = array(0x80, 0xffff, 0, 0xffff);
    field_db_value = mb_encode_numericentity($field_db_value, $convmap, 'UTF-8');

    Taken from a stackoverflow answer by yours truly.

    Why not simply use html_entity_decode?

  • Kasper (unregistered)

    TRWTF is that he left out Æ and Ø. That means he has got Swedish and Finnish covered, but not Danish and Norwegian.

    I am curious what str_replace must look like in order for this to work in the first place.

  • (cs) in reply to phihag
    phihag:
    åäö:
    Non-php coder here. could someone post a proper way to do the same?
    $convmap = array(0x80, 0xffff, 0, 0xffff);
    field_db_value = mb_encode_numericentity($field_db_value, $convmap, 'UTF-8');

    Taken from a stackoverflow answer by yours truly.

    I tried to read the mb_encode_numericentity() documentation, and I have to say I think that's the real WTF. Because it is:

    • so intuitive (not)
    • the explanation is so clear (not)
    • the implications of $convmap are so plain (not)
    • the available values for $encoding are so well documented (not)
    • how you would arrive at this usage is so plain (not)
    • the examples of how you would accomplish this particular operation are so prominent (not)

    With functions this well defined, this easy to use, and this easy to find, I have to say that the original example is a model of correctness and a definite non-WTF by comparison.

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered)

    At least he wasn't Turkısh.

  • Anonymous Paranoiac (unregistered) in reply to Kasper

    If you want to learn the true meaning of horror, look at the source code of the strtotime() function.

  • Anonymous Paranoiac (unregistered) in reply to Anonymous Paranoiac
    Anonymous Paranoiac:
    If you want to learn the true meaning of horror, look at the source code of the strtotime() function.

    Meant that as a reply to this:

    Kasper:
    I am curious what str_replace must look like in order for this to work in the first place.
  • Rich (unregistered)

    TRWTF is the linked bug report is for MySQL 5.0, not PHP 5.0.

    Good catch! Fixed! -Mark

  • (cs) in reply to Evo
    Evo:
    Why not simply use html_entity_decode?

    Oh, you're totally right, the code I posted above is in the opposite direction - html_entity_decode is the replacement. To convert from characters to entitites (as is done somewhere else in the original code), htmlentities is not sufficient.

  • (cs) in reply to Coyne
    Coyne:
    I tried to read the mb_encode_numericentity() documentation, and I have to say I think that's the real WTF.
    Sadly, this is true of most of PHP's documentation. Sometimes the comments are helpful, but by no means always.
  • plasmab (unregistered)

    Not a WTF.

  • Hrmmm (unregistered)

    Yeah, pretty dull WTF today. I'm going back to yesterday's discussion of sex, money and politics. See you there!

  • Valczir (unregistered) in reply to åäö
    åäö:
    Non-php coder here. Doesn't take any real php knowledge to see that it is bad, but could someone post a proper way to do the same?

    Use python.

    That's not to say that other languages wouldn't fit the bill; python would just be my choice. But PHP really is just stupid about a lot of things. Most of it is an unintuitive mess.

  • Herr Otto Flick (unregistered)

    TRWTF is always PHP.

  • Fred (unregistered)

    He forgot about æÆ and øØ if he considers Norway and Denmark scandinavian. This guy is probably Swedish or Finn. Did he send you delicious salmiakki?

    (Captcha: secundum. At least it wasn't pr1m0 nunt10!)

  • Ajay Banga (unregistered)

    Priceless® CODE SOD:

    http://www.mastercard.com/common/js/country_list.js

    "There are some things money can't buy, for everything else there's MasterCard."

  • Meep (unregistered) in reply to Julia
    Julia:
    All together now, TRWTF is...

    PHP, for making you jump through hoops to correctly escape and unescape HTML.

    We've only had symbolic expressions since the '60s, and PHP's raison d'etre is to generate HTML. Yet here we are, in 2012, and you're supposed to litter your code with calls to escape and unescape functions.

  • Meep (unregistered) in reply to Ajay Banga
    Ajay Banga:
    Priceless® CODE SOD:

    http://www.mastercard.com/common/js/country_list.js

    "There are some things money can't buy, for everything else there's MasterCard."

    Not a Code SOD; it's Javascript that was generated server-side.

  • (cs) in reply to Julia
    Julia:
    All together now, TRWTF is...
    ...having to practice defensive programming to protect your code from attack by Vikings.
  • (cs) in reply to toot
    toot:
    TRWTF is meta submissions [and PHP, of course]
    Dont worry I will create some stupid code and name one of the variables theDailyWTF.
  • Insightful (unregistered)

    TRWTF is that this code has nothing to do with the cited MySQL bug. Entities have to be replaced before the database, otherwise you'll be searching for "metäl" and the database won't find you "metäl".

    "Text searches won't work" indeed.

  • Ralph (unregistered) in reply to Meep
    Meep:
    Ajay Banga:
    Priceless® CODE SOD:

    http://www.mastercard.com/common/js/country_list.js

    "There are some things money can't buy, for everything else there's MasterCard."

    Not a Code SOD; it's Javascript that was generated server-side.

    Yeah, that's some pretty ghastly code all right. And I wondered the same thing: tedious moronic copy-pasta or generated code?

    Either way, this smells. The work should be done on the server, not in the browser. And if it is generated code, that's even worse, because the server is doing the work but then handing it off to the client to do it all over again!

    I think some people automatically code in JavaScript because it is all they know. Which is another way of saying their I.Q. is <80 and they should never be allowed near a development environment.

    But hey, it isn't like this web site needs high standards. It's just MasterCard. All they've got is millions of people's money and credit ratings in their clumsy hands.

  • Abico (unregistered) in reply to Coyne
    Coyne:
    phihag:
    åäö:
    Non-php coder here. could someone post a proper way to do the same?
    $convmap = array(0x80, 0xffff, 0, 0xffff);
    field_db_value = mb_encode_numericentity($field_db_value, $convmap, 'UTF-8');

    Taken from a stackoverflow answer by yours truly.

    I tried to read the mb_encode_numericentity() documentation, and I have to say I think that's the real WTF. Because it is:

    • so intuitive (not)
    • the explanation is so clear (not)
    • the implications of $convmap are so plain (not)
    • the available values for $encoding are so well documented (not)
    • how you would arrive at this usage is so plain (not)
    • the examples of how you would accomplish this particular operation are so prominent (not)

    With functions this well defined, this easy to use, and this easy to find, I have to say that the original example is a model of correctness and a definite non-WTF by comparison.

    Yeah, I'm not a PHP guy at all, so it's not clear to me what's wrong with the OP. Is it just that phihag's method is the accepted way in PHP?
  • Prof. Foop (unregistered) in reply to Kasper

    http://www.php.net/manual/en/function.str-replace.php

    "Subject ... otherwise known as the haystack"

  • (cs) in reply to Prof. Foop
    Prof. Foop:
    http://www.php.net/manual/en/function.str-replace.php

    "Subject ... otherwise known as the haystack"

    What's wrong with that? The haystack is the item being search in... The name subject is maybe a bit strange, but there's a lot worse in php...

    See, PHP is fairly consistent. The fact that html_entity_decode and htmlentities are opposites, for one. Consistent use of underscores between words, and plural form... PHP also always uses the "needle, haystack" parameter order, for example in array_search. Except for strpos and maybe some other cases.

  • jay (unregistered) in reply to Bob Bob
    Bob Bob:
    TRWTF is intentionally writing bad code and then comment whoring.

    At least he recognizes that it's ugly code. When I write ugly code, I always try to include a comment explaining why I did. That way the next programmer to look at it has a clue what's going on. Aww, who am I trying to kid. That way the next programmer to look at it doesn't think I'm a complete moron.

  • jay (unregistered) in reply to Kasper
    Kasper:
    TRWTF is that he left out Æ and Ø. That means he has got Swedish and Finnish covered, but not Danish and Norwegian.

    I am curious what str_replace must look like in order for this to work in the first place.

    As a Norwegian-American, I am deeply offended at having been left out.

  • Daniel (unregistered)

    There is probably a WTF somewhere, inasmuch as this should not be needed. Just store the non-HTML-entities-text in the database, of course, and when it is supposed to be output in HTML - use htmlentities().

    The WTF is trying to store strings with HTML entities in a database. Just bad thinking.

  • (cs) in reply to Evo
    Evo:
    Prof. Foop:
    http://www.php.net/manual/en/function.str-replace.php

    "Subject ... otherwise known as the haystack"

    What's wrong with that? The haystack is the item being search in... The name subject is maybe a bit strange, but there's a lot worse in php...

    See, PHP is fairly consistent. The fact that html_entity_decode and htmlentities are opposites, for one. Consistent use of underscores between words, and plural form... PHP also always uses the "needle, haystack" parameter order, for example in array_search. Except for strpos and maybe some other cases.

    Is it a bad thing if your documentation requires switch statements?

  • (cs) in reply to Coyne
    Coyne:
    phihag:
    åäö:
    Non-php coder here. could someone post a proper way to do the same?
    $convmap = array(0x80, 0xffff, 0, 0xffff);
    field_db_value = mb_encode_numericentity($field_db_value, $convmap, 'UTF-8');

    Taken from a stackoverflow answer by yours truly.

    I tried to read the mb_encode_numericentity() documentation, and I have to say I think that's the real WTF. Because it is:

    • so intuitive (not)
    • the explanation is so clear (not)
    • the implications of $convmap are so plain (not)
    • the available values for $encoding are so well documented (not)
    • how you would arrive at this usage is so plain (not)
    • the examples of how you would accomplish this particular operation are so prominent (not)

    With functions this well defined, this easy to use, and this easy to find, I have to say that the original example is a model of correctness and a definite non-WTF by comparison.

    TRWTF is PHP's documentation site looks almost the same as the last time I visited it: 1998!

  • Blagh (unregistered) in reply to Kasper

    Finland isn't part of Scandinavia , however, Finland does have Swedish as an official language.

  • AGray (unregistered)

    Obligatory PHP is TRWTF link

    Captcha: Saepius - Whoever wrote that was an evolutionary step behind a homo saepius.

  • Finnjävla (unregistered) in reply to Blagh
    Blagh:
    Finland isn't part of Scandinavia , however, Finland does have Swedish as an official language.

    Also Ä and Ö are used in Finnish language. And it is common to refer Å, Ä, and Ö as Scandinavian characters in Finland. And Danes and Norwegians are commonly discriminated in that field.

    But the real WTF in Finnish language is that V and W are equal in alphabetic order. W is not used in modern Finnish but it is still fairly common in names and lots of computer generated alphabetic lists sort it wrong.

  • (cs) in reply to AGray
    AGray:
    Obligatory PHP is TRWTF link

    Captcha: Saepius - Whoever wrote that was an evolutionary step behind a homo saepius.

    Read most of that, and many do not believe that article to be the whole truth: I wish bloggers would stop quoting that fractal article

  • linepro (unregistered) in reply to Anketam
    Anketam:
    toot:
    TRWTF is meta submissions [and PHP, of course]
    Dont worry I will create some stupid code and name one of the variables theDailyWTF.
    In a procedure called theRWTF I hope.
  • Brian (unregistered) in reply to Kasper

    str_replace is a native PHP function (www.php.net/str_replace/)

  • d;fahjds;lhfalfhads (unregistered)

    [quote=the article]when saw the following PHP code[/quote] I think you accidentally a pronoun there.

    (Captcha: uxor. Juho uxored the TDWTF submission process.)

  • (cs) in reply to ochrist

    The original complain about php is still mostly true.

    And most of the replys are just "That's the way it is"

    But one interesting question is: What is a well designet system written in php?

    I have newer seen any. The last 2 systems I looked at was Wordpress and Magento.

    Wordpress is just a total fuckup which total ignores the concept of separation of code(Php) and presentation(html) and Magento seems to use a "Happy go luckey"* module system where a simple config/code error often will cause Magento to to skip an entire module without any warning or error message.

    It seems like they made it this way, because they could not find a way to handle php parse errors, but I don't know if that was the cause.

    But I am still looking forward to the day Php gets a proper string class which can handle unicode. Last time I checked it was scheduled for php6.

  • (cs)

    I don't understand where $field_db_value came from. The CHANGE-FROM strings are HTML. Somehow he's getting HTML into his database? Fill in a web form and submit it and what comes via POST is what the user typed, not HTML entities. Even GET mangles and un-mangles properly. Where did he get the six character string "ä" (ampersand, "a", "u", "m", "l", semi-colon) in the first place?

  • tero (unregistered) in reply to Finnjävla
    Finnjävla:
    But the real WTF in Finnish language is that V and W are equal in alphabetic order.
    No, they're not.
  • Rnd(SFP) (unregistered) in reply to Finnjävla
    Finnjävla:
    Blagh:
    Finland isn't part of Scandinavia , however, Finland does have Swedish as an official language.

    Also Ä and Ö are used in Finnish language. And it is common to refer Å, Ä, and Ö as Scandinavian characters in Finland. And Danes and Norwegians are commonly discriminated in that field.

    But the real WTF in Finnish language is that V and W are equal in alphabetic order. W is not used in modern Finnish but it is still fairly common in names and lots of computer generated alphabetic lists sort it wrong.

    Nah the real WTF is that there is W in the first place.

Leave a comment on “Known Bad Code”

Log In or post as a guest

Replying to comment #:

« Return to Article