- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables Bobby Tables
Admin
good going
jerk
Admin
For people who puzzled on why the "right approach" is commented, I think the hint is in the following line:
//OdbcParameter paramForumOption = new OdbcParameter("@ForumOption", OdbcType.Int, 1);
I think some ODBC provider don't understand "@" sign as name of parameter... they use "?" instead. (see the other 3 lines) My bet is some clueless coder didn't notice it, and time is pressing, so use "replace" approach as quick fix.
Admin
I really hope you are joking. If you aren't then I feel sorry for your stupidity.
CAPICHA: acsi - damn Easterners with all their larger-then-255-character-character sets. One byte FTW
Admin
Admin
Alex, can you highlight topcod3r with a big, nice troll icon? That way he will be nicely fed and people won't have to question the seriousness of his answers.
Admin
This code itself it WTF-worthy!
Admin
Notice: A serious vulnerability has been discovered in the reference implementation of the mail delivery protocol. It allows a remote attacker previously unknown to the system to cause a serious denial-of-service attack.
Details: The attacker, who needs know only their target's address, crafts a custom packet containing a payload capable of rapid exothermic gas-producing reaction (whether physical, chemical or nuclear is immaterial). This payload is then set to activate by some means - this could be a time delay, a remote wireless signal, or upon opening of the packet, or possibly other means. Upon activation of the payload, considerable damage and destruction is caused to all materials within a certain radius of the packet. These could include computer hardware, data backups, network infrastructure and human resources.
Resolution: There are many ways to counter this threat. Mail transfer agents and mail delivery agents can have scanners added, though the variety of payload materials may mean some will not be caught. Some of the tools to create the payload have had their sourcing monitored or even made illegal, making it harder for attackers to obtain them undetected.
However, we recommend the simplest solution: A limit on the maximum packet size of about that of an average letter, with special security procedures for larger packets.
We strongly advise updating your systems as soon as possible. If you cannot update, you may wish to reject all mail.
Admin
WTF is this?? Nearly everything you says is 100% Wrong.
First of all no the code is not "in javascript", it's SQL.
Also commenting a few lines out is NOT "refactoring"
Your suggestion to do replacement "on the server side" is impossible.
your claim that "it is all OLEDB nowadays" is rubbish
and wtf is a "data layer"?
your parameter names suck and your database codes suck
I always amuses me how n00bs think they can add anything of value to the discussion.
Admin
The only thing worse than a dumb coder is an ignorant coder who thinks they know how to code securely but clearly don't.
Admin
Admin
Please. I have been working on database access for over 2 years. I think I know what I am talking about somehow.
Admin
Sheesh... you've been working on database access for over 2 years. I hope you're not on the critical path of a project because that's an eternity just for database access. I hope you get it working sometime soon. Maybe you're having some problems with security or something.
Admin
-1 troll
Admin
I know why they did it. To prove the point of crossplatformism, they switched their previously working MS SQL database out for a clunky old DB2 running on a mainframe (since its more enterprisey) and then realized nobody on staff could get a stored proc to work on db2.
Admin
I don't get it. Is cthulhu trolling as well? Or is he just dense?
Admin
TRWTF is stored procedures.
Admin
lol. i love the responses to TopCod3r. Every day there's a new person who falls for it.
Admin
Oh, don't forget about the reassuring "we only hire senior developers" after talking about their design.
That's where I'm at now... oh well, the pay is good. :) As long as I can keep my sanity intact until everything is fixed... and hopefully I'll be in on some interviews from now on to try and weed people out.
Admin
Did you consider that TopCod3r and SecCodr might be the same person and that TopCod3r, knowing he can't get the long-time reader to fall for his troll bait, instead pretends to be a nube responding to TopCod3r troll bait, in order that you laugh out the nube? Thus falling prey to the trolling yourself? I await your answer with baited breath...
Admin
Admin
If you fall for such trolling after someone else has already fallen for it then you really do deserve your plight - simply for not bothering to read the existing replies
Admin
Who is really the troll -- the troll, or the troll that trolls him?
(... now I have a headache.)
Admin
TopCod3r's know-it-all-but-all-wrong character is artful enough and funny in its own way. I'm sure it's not easy to craft just the right amount of ignorance.
But I don't like it when I get halfway through a someone making a point and I'm taking it seriously but then I realize it's all sarcastic. Sometimes I don't even find out until later in the thread, like today. Plus, I'm not sure I've unlearned all the stuff I read in his posts before I realized they were his. So in the end they really are disenlightening. It was a good hack but it's getting a little hackneyed.
I almost never look at posters' names and if I did it would never be before reading the comment. Maybe I'll have to now, which I will regard as an overhead courtesy of TopCod3r.
But I'm not saying he should stop or be banned. Humor is a tricky subject and if nobody ever tried to be funny nobody would ever be funny. But I can only take Jerry Lewis or Stephen Colbert for so long. There are better kinds of humor and I'd like to see TopCod3r try them.
Level up, TopCod3r!
Admin
fk me, thanks guys i can't believe i just read all of those comments and now it's 3am so just hope i don't dream of trolls wtf rules!
Admin
Admin
Anyone who can't see him coming from a mile off is TRWTF.
Admin
What? TopCod3r is a troll?! I just implemented his suggestions and they work grate! It's at least 30% faster on my MS Access + ASP web application.
Admin
I'm guessing the correct (second, of course, why am I pointing this out?) snippet was commented out because it didn't work.
Why?
The first snippet uses ForumsOption, but the second one used ForumOption. I'm guessing that instead of fixing the problem the right way they redesigned it.
Admin
Ideally, if you were using a language that supports macros, you could write something like this:
(sql select * from 'table where 'column = "value")
In this example, the ' tells the macro to parameterize the variable "table" instead of accessing the table called "table". Anything following an = sign is treated as a value to be parameterized.
The one-liner above expands to something that is equivalent to that half-page of commented out code shown in the article.
Admin
He's been living under the sea for "Countless Eons". He's a little out of touch.
Admin
'BATING IT???!!!??? That's DISGUSTING! If you're gonna 'bate your breath, do it in private, please. We don't wanna know about it.
Admin
You're just trolling, right???
Admin
As sad and maybe unbelievable it sounds, I have been told to do things similar to this more than one time. Thank God, not that safety relevant, mostly path not found and segfault issues.
I have to mention that we are an outsourced software factory for an international corporate group. And that we are paid by man hour, because the client believes this was cheaper.
Application has several more or less severe bugs from time immemorial.
I to my boss: "I'll fix this. Will take about half an hour. Testing comprised" Boss: "That issue is known to the client, but they are too avaricious to have it fixed. DO NOT MEND IT. THIS IS AN ORDER."
So when there is little to do I write the code to fix it, test it and comment it out afterwards.
When the client can't neglect their users' complaints any longer, they tell us to fix it, usually ASAP. Then we change comments, goof off two days and let the client pay for that time. (Okay, this is a bit exaggerated, but I think they'd deserve it.)
(Sorry if digging out an old thread is against forum custom, but I thought it might fit here.)
Admin
I'm alsways opting for the fine "EXECUTE IMMEDIATE" in Oracle to execute concatinated and replaced Strings as queries.
Just to be sure everything gets executed fast! ;-)
Admin
Hello Bert.