- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
What are you talking about, why query the database twice when you can just have the ASP app carry a 500k viewstate/session variable.
Modem users will simply love it!
Admin
Nice way to start off a new week - with a "classic" WTF of "classic" ASP...
What? was the Dictionary Object of the Session not good enough for him?[<:o)]
Admin
For give my ignorance, I haven't touched a VB-like language in nearly 8 years, but couldn't this whole thing be reduced to like 4-6 lines with a single loop and NO breakable string processing? (ignoring the other problems)
Admin
The "developer" that wrote this code ought to have their keyboard shoved so far up their arse that it shall never be accessible for coding again. Ever.
Admin
Notto be nit-picky but Clng will return a 32bit int.Admin
CLng(CLng()) ???? OMG
Admin
I guess this is one step better than serializing all the business objects into cookies and hydrating/dehydrating them over a 14.4 modem.
Admin
So, let me see if I've fully understood the beauty of this function.
Genius!
Admin
I've done both of those...=/
Although to explain, I've done casting like that in the first few months I wrote asp because I kept getting screwed by VB improperly casting things so I would cast everything out of paranoia.
As for the latter....well it was the first thing I ever wrote in asp. And sadly it runs faster than the page it replaced. Of course it doesn't help that our database server is exceedingly old, slow, not maintained very well, and half a mile away, especially when the original pages made similar or identical queries every time you clicked to go to the next page of the report.
Admin
Yes it could.
Maybe the "developer" thought that calling the Session.Contents.Count method would corrupt the data so he/she pulled the data out before calling it?!? [;)]
Admin
Oh, that's pure magic
Simon
Admin
The last entry will be an empty string; when the string ends with the terminator itself, as it does in this case, the Split function will "find" an empty string at the end after the last delimiter. This is perhaps the one aspect of this code that is not COMPLETELY boneheaded.
Admin
@IceFreak
Don't want to defend this mess really, but two points need to be corrected:
ad 3: In order ro create a dynamic array in VBScript, you need to Dim and then ReDim it.
ad 5: The way he does it, the last elements needs to be missed because it's always emtpy (there is an additional separator at the end of the strings)
Benjamin
Admin
WRT #5; yep, you're absolutely correct. I hadn't fully factored in the (ab)use of the UBound function!
WRT #3; damn - when you've been developing in Real Languages(tm) for a while, you forget how much of an abortion VBScript is at times!
Admin
They wouldn't have to have done that if they had specified the dimensions in the first place right? Although I suppose it wouldn't be dynamic then. I like the variable names.
Admin
Surprisingly, the Stuff variable is the most aptly named of them all. Competing with tmp1, tmp2, a, b doesn't provide much of a challenge.
Admin
Doesn't anyone know how to program anymore?
Instead of copying the one-dimensional array elements directly to the two dimensional array, he needs to create a client-side database and save the elements to it, then export the database table to a flat text file, then import it into Excel, then execute a macro to read the spreadsheet into the 2D array.
And use XML.
--Just call me "Rank"
Admin
Now that's not entirely true--maybe the code that calls SessInfo() is allergic to collections or something. Or maybe it's just really snobby and will only deal with arrays. You know, it could be really really old grumpy code that don't want nothin' to do with them newfangled "objects". [:|]
Admin
Admin
I wonder what happens if you enter "][" into a form on that page...
Admin
Kablam!!! The server goes up in smoke!!![:P]
Admin
Out of bounds errors, most likely... or some really funny properties :-)
Admin
Split uses all the characters in the string passed as the delimiter.
Admin
Admin
Even if this code weren't a WTF, I would say that any time you see an array in VB, that in and of itself is a WTF.
Admin
I'm surprised that nobody has yet brought up that the (choke) developer's lack of any safety checks should the Session.Contents collection be empty; Stuff() would be called with a Redim(-1,1).
Or is there some black magic to ASP where Session.Contents is guaranteed to hold at least one object/value?
Admin
On a slightly related note, I would like to share my pain. Today I came across
the following code (VB.NET):
<FONT size=2>
</FONT><FONT face="Courier New"><FONT color=#0000ff size=2>Private</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>Sub</FONT><FONT size=2> LinkButton2_Click(</FONT><FONT color=#0000ff size=2>ByVal</FONT><FONT size=2> sender </FONT><FONT color=#0000ff size=2>As</FONT><FONT size=2> System.Object, </FONT><FONT color=#0000ff size=2>ByVal</FONT><FONT size=2> e </FONT><FONT color=#0000ff size=2>As</FONT><FONT size=2> System.EventArgs) </FONT><FONT color=#0000ff size=2>Handles</FONT></FONT><FONT size=2><FONT face="Courier New"> LinkButton2.Click
</FONT></FONT><FONT size=2></FONT></FONT><FONT face="Courier New" color=#0000ff size=2> Call</FONT><FONT size=2><FONT face="Courier New"> HideShowPnls("1011111111")
</FONT></FONT><FONT face="Courier New"><FONT color=#0000ff size=2>End</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>Sub
</FONT><FONT face="Courier New"><FONT color=#0000ff size=2>Private</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>Sub</FONT><FONT size=2> LinkButton3_Click(</FONT><FONT color=#0000ff size=2>ByVal</FONT><FONT size=2> sender </FONT><FONT color=#0000ff size=2>As</FONT><FONT size=2> System.Object, </FONT><FONT color=#0000ff size=2>ByVal</FONT><FONT size=2> e </FONT><FONT color=#0000ff size=2>As</FONT><FONT size=2> System.EventArgs) </FONT><FONT color=#0000ff size=2>Handles</FONT></FONT><FONT size=2><FONT face="Courier New"> LinkButton3.Click
</FONT></FONT><FONT face="Courier New" color=#0000ff size=2> Call</FONT><FONT size=2><FONT face="Courier New"> HideShowPnls("1011100000")
E</FONT></FONT><FONT face="Courier New"><FONT color=#0000ff size=2>nd</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>Sub</FONT></FONT>
<FONT face="Courier New"><FONT color=#0000ff size=2>etc....
<FONT face="Times New Roman" color=#000000 size=3>Now this had me worried. So I looked for the mysterious HideShowPnls() function:</FONT>
</FONT></FONT><FONT face="Courier New"><FONT color=#0000ff size=2><FONT face="Times New Roman" color=#000000></FONT>
<FONT color=#0000ff size=2>Private</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>Sub</FONT><FONT size=2> HideShowPnls(</FONT><FONT color=#0000ff size=2>ByVal</FONT><FONT size=2> binshowcode </FONT><FONT color=#0000ff size=2>As</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>String</FONT><FONT size=2>) </FONT><FONT color=#008000 size=2>'hide/show panels
</FONT><FONT color=#0000ff size=2> If</FONT><FONT size=2> Mid(binshowcode, 1, 1) = "1" </FONT><FONT color=#0000ff size=2>Then
</FONT><FONT size=2> pnlPgeHdr.Visible = </FONT><FONT color=#0000ff size=2>True
</FONT><FONT color=#0000ff size=2> Else
</FONT><FONT size=2> pnlPgeHdr.Visible = </FONT><FONT color=#0000ff size=2>False
</FONT><FONT color=#0000ff size=2> End</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>If
</FONT><FONT color=#0000ff size=2>If</FONT><FONT size=2> Mid(binshowcode, 2, 1) = "1" </FONT><FONT color=#0000ff size=2>Then
</FONT><FONT size=2>PnlMainDtl.Visible = </FONT><FONT color=#0000ff size=2>False
</FONT><FONT color=#0000ff size=2>Else
</FONT><FONT size=2>PnlMainDtl.Visible = </FONT><FONT color=#0000ff size=2>True
</FONT><FONT color=#0000ff size=2>End</FONT><FONT size=2> </FONT><FONT color=#0000ff size=2>If</FONT>
<FONT color=#0000ff size=2> ...
<FONT face="Times New Roman" color=#000000 size=3>Some people seriously piss me off. Shit this pisses me off.</FONT></FONT>
</FONT></FONT>Admin
Hey, this boy's advanced! He declares variables, gives them meaningless names and everything!
Admin
If it's really True/False in the first if, and False/True in the second if, I can share the feeling...
One WTF that I want to share: I implemented an educational program (in C++), and I needed to exchange exercise results with a teacher program... written in VB. The VB programmer insisted I use a DAO database to put stuff in. I flatly refused, because it would have meant installing the DAO runtime on all the clients. These clients are mostly in schools obviously, and installing tons of 'extra' DLLs on a system is asking for trouble. So, I implemented writing a log file (flat text file) with the results in them, and he parsed the log file in order to load the results. He then proceeded to make a local RecordSet, creating records with the results in them. That was because he needed to Sort the record set in order to be able to display the results.... totally destroying the need for the text-only log file.
Ah well, people have learned since then... The last few years, I've only worked with C++/PHP people, which pleases me lots more. Unfortunately, there's still legacy VB code to be supported once in a while :-(
Admin
WTF?????????
Admin
PHP is the new "classic VB". A million over-specific functions in one namespace, not much in the way of strong typing, and all the kids are learning it...
Admin
No, PHP is shit. It's like someone found perl difficult, so simplified the syntax a bit, made it sorta kinda object aware, then glommed all of cpan into the language. in one namespace.
That's not really a problem. Strong vs dynamic typing is every bit as religious as vi vs emacs, and every bit as specious - both have their place[1]
What's a real problem is that php doesn't have any concept of data tainting. That, in and of itself, is a massive WTF
Sigh. Yes. One can only help that they wipe themselves out before they do any more damage.
Or learn ruby.
Simon
[1] i.e. vi and strong typing firmly relegated to the dustbin of history
Admin
It's not a matter of strong vs dynamic. You can have strong vs weak, and dynamic vs static. PHP has dynamic but weak typing, while e.g. Python has dynamic and strong typing. C has static but relatively weak typing, and Haskell has static and strong typing. In PHP, this code:
if (1 == "1")
print "equal";
else
print "not equal";
will print "equal" since PHP will convert both values to the same type before comparing them. Python will never do such conversions behind your back. The equivalent comparison in Python will always evaluate to false. In C the comparison would be invalid code, but you could cast the string to an int:
if (1 == (int)"1")
...
The value of the cast would be the numerical value of the address of the string which isn't terribly useful in most cases, but the compiler wouldn't complain about it. Such a cast wouldn't be possible, or much harder to do, in a strongly typed language.
http://en.wikipedia.org/wiki/Strongly-typed_programming_language
http://en.wikipedia.org/wiki/Static_typing#Static_and_dynamic_typing
Admin
Hear! Hear!
HEY! I (still) use vi, and love it! "Strong typing" on the other hand...
-dZ.
Admin
Gag.. I don't even know what to say.. Casting a Long from a Long minus one.. *shudder*
I love how there always be an extra "[" in Stuff..
Admin
Indeed, why he didn't at least do:
tmp1 = tmp1 & "[" & Item & "]"
Is beyond me...
Admin
Man, the world is seriously full of stupid people.
The more stuff like this is see (specially on thedailywtf), the more I start to think “Wow, I am intellectually superior to 99% of everyone I ever have and ever am likely to encounter.”
Admin
I agree with the sentiment, but I cannot believe people who are capable of writing a new programming language would find Perl difficult. The original PHP was designed to be easy for beginners to come up with simple dynamic web pages. It certainly is good for that. Unfortunately, it's the beginners who always make the most mistakes, because they don't have the experience and the knowledge that experts have.
And vi is alive and well. I rarely meet anybody who knows as many vi commands as I do, nor do I meet people who know the same number of emacs commands. I believe most people just want Notepad with line number support. I want a few more functions than that. (I once saw someone try to save their program as Rich Text because they were using Wordpad.) Both are extremely capable programs, but I believe VIM is the gold standard of text editors. Emacs is the gold standard of programmable environments, whose main function happens to be text editor.
Admin
Still working with PHP, from a previous ASP.NET/C# background. I share the feeling.
Admin
PHP was once Rasmus Lerndorf's "personal home page tools". And that was the original intent of the language -- one man's method of creating his own dynamic site by simply tagging up a page rather than having to go through the hassle (and it was a hassle back in those days) of installing and activating a new CGI script every time he made a change. It was never meant to be industrial strength; the release of the PHP tools package was for like-minded hobbyists. (Oh, and it was an abstraction of C, not PERL.)
Then "critical mass" happened, and it turned into Godzilla. It was never designed to be used as it is being used today.
Fact is, though, that a LAMP setup is cheaper than a decent cup of coffee, so yeah, it is the weapon of choice for wannabe web developers. (Even something like WebMatrix, which downloads free and fits on a floppy but requires The Framework and Windows to run, is mind-bogglingly expensive in comparison.) Heck, you can get a half-dozen hosted domains with SLAs for the price of a large pizza each month, and Billy down the street can build your site for fifty bucks and a case o' beer.
When Billy "goes pro", guess what he'll be using. Go on. Guess.
Admin
Huh? What's "data tainting"? I learned PHP a few days ago to make my website validate user licenses, and found it to be surprisingly rich in features. It had most of the tools I depend on in C++.
The lack of a way to give a variable a single, fixed type had me worried, so I had to be very careful not to give the interpreter the opportunity to change types on me. Ultimately, PHP did what I wanted, with no unpleasant surprises.
Admin
Won't defend OOP in php too much here (php5 is supposed to make the OOP worth a damn, but I have yet to have a client that is using it, so I can't testify myself) But one namespace? All of php's assorted fuctions are separated into library files that are left unincluded by default. The user turns them on as needed in config.
For several versions now register_globals has been turned off by default, thus killing the data tainting problem.
I'll admit there are some stupid people on the user end of php. People still pump raw form data into DB queries even without global registration there to do it for them by accident. Not to mention the fact that nobody was smart enough to turn off the register globals setting themselves until php devs did it for them, but as far as web development, I consider it to be the best solution. Its been proven capable of speed and reliability (IPS), even if not always used for good.
I think we should take all this energy we're using for hating PHP and use it for something constructive, like hating Coldfusion *shudder*.
Admin
No. register_globals to off solves data injection attacks, not tainted data attacks.
Tainting is where I get data from the outside world and it is not considered trusted until I have done something to it that changes it, and therefore I can't do certain things with it. (I suspect you already know this, but someone else asked earlier and I want to reduce my CommunityServer[1] pain). Even with global registration turned off, which in a lot of cases it still isn't, this is not provided by php.
Details on perl's taint mode : http://gunther.web66.com/FAQS/taintmode.html
What it comes down to is that when writing for web applications, you have to be paranoid. not just a little bit paranoid, but completely, sociopathically, paranoid. A good web developer gets someone else to taste his/her coffee, even if it came direct from a machine.
As far as 'stupid users', consider one of the 'flagship' php apps, phpBB. Nobody would level the term "stupid" at those developers, yet it has security flaw after security flaw, leading to it being a dangerous thing to implement on a site. Alex might be using a shit solution that won't let me edit my posts, but at least he's not liable to be hacked on a weekly basis. Most of the flaws in phpBB are directly related to lack of data tainting.
And the other thing I hate about PHP is that it's pretty much always mentioned in conjunction with MySQL, which gives it about as much credibility as a jack chick tract as far as I'm concerned.
In short. It's fundamentally insecure, and used by people who have no clue what security is in the first place. It's horrible to use in an OO way (and 5 doesn't much fix that). Most of the app that are written in it require MySQL. It won't go anywhere near any of my servers. Being 'easy to use' is not necessarily a good thing.
That all said, here's something for the PHPers : http://www.cs.virginia.edu/~techrep/CS-2004-36.pdf
I'm afraid I don't know enough about coldfusion to be able to hate it enjoyably, but I'll willingly watch while you do, or we could come to an equitable agreement to hate something else. My suggestions would be: MySQL. Most Java Web Frameworks. XML. Flash. MySQL again for good measure.
Simon
[1] I've only just noticed that it's called CommunityServer. Is it in any way related to CommunityService, the lightweight punishment dished out to thugs? It certainly feels like it.
Admin
I admittedly don't know what's wrong with MySQL. I build sites on alot of shared systems, where that's the available flavor, and its always run well enough, though I'm sure you have a laundray list of complaints I didn't know about. I've learned quickly by word of mouth to hate Oracle, Postgre I have yet to even encounter, MS SQL I saw once, but it was as I was about to install MySQL for compatibility with my previous PHP work on a Linux server (given the ammount of hostility I see on these boards, I was surprised that the thoroughly Microsoft admin was so willing to welcome my Unix/Linux/Dark-side utilites onto his server).
To an extent I think its simply platform. Its WinServ03/IIS/ASP for Microsofties, and Linux/Apache/PHP for ravers and fans of Crystal Method. Not to mention Mac/AOLserver for communists and the french (why do the Unix people get the cool stereotype?)
Mixing and matching any of these things is bad anyway. Apache goes bonkers on Windows, Microsoft is less than ecstatic about porting anything to Unix, and Mac is, well, moderatley amusing.
As to coldfusion, you know how in php or asp you have HTML, and then you have some code enclosed in <? ?> or <% %> brackets? Coldfusion isn't like that. There isn't a code part and an HTML part, its all HTML. The commands all have their own little markup tags, so you get HTML syntax with these thousands of little nuggets of scripting stuffed sepositorally into the middle of it.
Admin
ever shit your brains out after eating at taco bell?
this is what's left on the toilet paper after you wipe your ass!
wtf!
Admin
<FONT face="Courier New"><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0><QUOTE>
</FONT></FONT></FONT><FONT size=+0></FONT></FONT></FONT><FONT face="Courier New"><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0>Private</FONT><FONT size=+0> </FONT><FONT size=+0>Sub</FONT><FONT size=+0> LinkButton2_Click(</FONT><FONT size=+0>ByVal</FONT><FONT size=+0> sender </FONT><FONT size=+0>As</FONT><FONT size=+0> System.Object, </FONT><FONT size=+0>ByVal</FONT><FONT size=+0> e </FONT><FONT size=+0>As</FONT><FONT size=+0> System.EventArgs) </FONT><FONT size=+0>Handles</FONT></FONT></FONT><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0><FONT face="Courier New"> LinkButton2.Click
</FONT></FONT><FONT face="Courier New"> Call</FONT></FONT><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0><FONT face="Courier New"> HideShowPnls("1011111111")
</FONT></FONT><FONT face="Courier New"><FONT size=+0>End</FONT><FONT size=+0> </FONT><FONT size=+0>Sub
</FONT><FONT face="Courier New"><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0>Private</FONT><FONT size=+0> </FONT><FONT size=+0>Sub</FONT><FONT size=+0> LinkButton3_Click(</FONT><FONT size=+0>ByVal</FONT><FONT size=+0> sender </FONT><FONT size=+0>As</FONT><FONT size=+0> System.Object, </FONT><FONT size=+0>ByVal</FONT><FONT size=+0> e </FONT><FONT size=+0>As</FONT><FONT size=+0> System.EventArgs) </FONT><FONT size=+0>Handles</FONT></FONT></FONT><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0><FONT face="Courier New"> LinkButton3.Click
</FONT></FONT><FONT face="Courier New"> Call</FONT></FONT><FONT style="BACKGROUND-COLOR: #ffffff"><FONT size=+0><FONT face="Courier New"> HideShowPnls("1011100000")
E</FONT></FONT><FONT face="Courier New"><FONT size=+0>nd</FONT><FONT size=+0> </FONT><FONT size=+0>Sub
</QUOTE></FONT></FONT></FONT>
No...no f'ing way someone is that stupid. This is what happens when a VB jackass reads something on bit twiddling and thinks he can apply it. Proof positive of my first theorem: Nothing can be made idiot proof because they can always make a better idiot.
Admin
http://sql-info.de/mysql/gotchas.html
Admin
Well, there's a rather nice site linked further down that explains most of the gotchas I've come across.
The issue is that it's not a proper SQL database. It's so far removed from the SQL9x specs as to make application translation to a proper database almost impossible.
Even SQL Server, which I dislike with a loathing, and which has its own bizarroid issues, is more compliant than MySQL. Every time you want something that is considered normal in the real database world, you're told to run the cvs version, or wait for the next release.
Sybase : all you'll ever need Oracle : all you'll ever need, smeared in shit Postgres : What you'll need tomorrow, yesterday MS-SQL : most of what you need, but you need to sell your soul to get it MySQL : what you needed yesterday, tomorrow. maybe.
I'd also hammer informix and ingres, but it's been years since I touched them (getting on for 15 years) so they have probably improved.
For serious enterprise level applications, Sybase and Oracle are where it's at, but postgres is catching up. If licensing costs are relevant, you are going to be well off looking at postgres, but if you're doing that kind of app and licensing costs are a major issue, you probably need to rethink your priorities.
For any smaller app (including web apps) dealing with significant amounts of important data, Postgres or MSSQL will probably do you, but beware that a database server type machine / cluster running MSSQL will cost a small fortune in licensing.
If you're writing a blog - well, sure. Use MySQL.
Simon
Admin
rediii, that comment about taco bell was vulgar and unneccessary.
Admin
Please sir.. think of the children.. Don't feed the Trolls.