Admin
The way I see it from looking over it briefly is that he's just removing all apostrophes?
So the obvious thing would be MyFunction = Replace(inText,"'","")... But of course, you could opt to KEEP the apostrophes. Guess he never found this out: MyFunction = Replace(inText,"'","''")
If this guymorron was in my "team", I would've kicked his ass to the kerb. Buh bye!
Admin
bweeeerhg [:|]
Admin
HEY! Why can't I edit my message? [:@]
Anyways... I wanted to add that you gotta love his one and only comment. And to say that I never understand why these guysmorons never think to themselves: there should be an easier way to do this. And if there's not (or you did actually miss it by accident and didn't know about the Replace function) why these peoplemorons never get the idea to write their own "Replace" function. Nah, we'll keep re-inventing the wheel each time we need some code to replace a character or string.
Admin
Speaking of 'giant' programs written in VB6 that need to be reverse engineered, I wonder how Mycosoft are going to handle this little matter...
Admin
That, and the fact that he is using a really lame method to clean strings of sql injections... and doesn't even realise that an injection is possible (hence the comment)
Admin
I wonder if this is the reason that the last time I was at the local "gentleman's" club and asked the dancer to stripweird she danced twice as long and took all my $'s
Admin
>>> 'sql server freaks out on this character: ' <<<
And my word processor completely freaks out over both the CR and LF characters! Starts moving the cursor over to the left side of the screen !!
Of a new line!!!
Damn lousy word processor...
Admin
And given that I can't - why is there an "Edit" button?
Admin
At least he didn't Dim pos as Double
Admin
Do you think he does the loop twice, once for the opening quote and once for the closing quote?????
Admin
So, he doesn't know what ' does.
Doesn't bother to /find out/.
Then he decide to do a string concentration to remove it, and then he repeats it, just to be safe.
This indicate WAY bigger problems elsewhere.
Admin
If this was originally written in VB5, there was no replace function.
I do like the way he loops twice though, and the left 16000 is a nice touch.
Admin
From TFA:
'sql server freaks out on this character: '
Ok, maybe if you're doing ad hoc queries or Dynamic SQL ("INSERT INTO .." .. But SQL Server doesn't choke on the ' character if part of a stored procedure, doesn't it?!
Stored Procs, in general, are better than dynamic SQL, in my experience.
Admin
I think the way he/she makes extra double sure there aren't any ' chars is really just good, good, sound, sound, careful, careful programming. Hey, if the code missed one, then it can miss it again! Sure beats writing an error handler! My only worry is when the InTxt value is 16001 char or more - wouldn't it be better to write:
    Private Function StripWeird(InTxt As String) As String
        Dim pos As Integer
        if LEN(inTxt)<= 16000 THEN
            InTxt = Trim(Left(InTxt, 16000))
        Else
            if LEN(inTxt)<= 16000 THEN
                InTxt = Trim(Left(InTxt, 16000))
            Else
                inTxt = TRIM(InTxt)
            end if
            inTxt = TRIM(InTxt)
        End if
        'sql server freaks out on this character: '
        pos = InStr(1, InTxt, "'")
        Do While pos > 0
            InTxt = Left(InTxt, pos - 1) & Mid(InTxt, pos + 1)
            If pos > 1 Then
                pos = InStr(pos - 1, InTxt, "'")
            Else
                pos = InStr(1, InTxt, "'")
            End If
        Loop
        pos = InStr(1, InTxt, "'")
        Do While pos > 0
            InTxt = Left(InTxt, pos - 1) & Mid(InTxt, pos + 1)
            If pos > 1 Then
                pos = InStr(pos - 1, InTxt, "'")
            Else
                pos = InStr(1, InTxt, "'")
            End If
        Loop
        StripWeird = InTxt
    End Function
Admin
This WTF has rendered dubwai unable to form coherent sentences. Is this a first? [:)]
Admin
WTF is the second loop for? That doesn't do anything, does it?
Admin
Insurance in case that the first loop's eyes were tired and missed the '
Admin
Some people said I was crazy to build a loop that removed all apostrophes from a string. But I did it anyway. And that loop missed some apostrophes.
So I ran the loop again. That loop missed some apostrophes too.
So I ran the loop a third time. That loop missed some apostrophes too.
So I ran the loop a FOURTH time. And that one caught all the apostrophes! And today that's what you're getting, son.
A thousand apologies to Monty Python.
Admin
No excuse at all. Even for dynamically generated SQL, you should be using parameter placeholders, and then setting the values in Parameter objects for the Command. It's easy, and completely avoids both injection attacks as well as any need to mangle your apostrophes.
Anyone on my team who doesn't do it this way is going to get a good talking-to [:@]
Admin
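The comment above recommends parameter placeholders over mangling apostrophes. As an added example (not code from the thread or from the original article), this Python sketch uses an in-memory SQLite database as a stand-in for SQL Server and a constructed sample name to compare concatenation, stripping, doubling and a bound parameter; `strip_weird` is a hypothetical port of the function's net effect.

```python
import sqlite3


def strip_weird(text):
    """Net effect of the thread's StripWeird: keep 16000 chars, trim spaces,
    drop every apostrophe (hypothetical Python port, not the original VB)."""
    return text[:16000].strip(" ").replace("'", "")


def make_db():
    # Assumption: in-memory SQLite stands in for the SQL Server table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    return db


def insert_concatenated(db, name):
    # The value is pasted into the SQL text, so a quote in it changes the statement.
    db.execute("INSERT INTO people (name) VALUES ('" + name + "')")


def insert_parameterized(db, name):
    # The value travels separately from the SQL text; no escaping is needed.
    db.execute("INSERT INTO people (name) VALUES (?)", (name,))


def demo():
    name = "O'Brien"  # constructed sample input
    db = make_db()
    results = {}
    try:
        insert_concatenated(db, name)      # raw value: the statement no longer parses
        results["raw"] = "ok"
    except sqlite3.OperationalError:
        results["raw"] = "syntax error"    # the "freaks out" from the code comment
    insert_concatenated(db, strip_weird(name))             # stripping: data is mangled
    insert_concatenated(db, name.replace("'", "''"))       # doubling: data survives
    insert_parameterized(db, name)                         # placeholder: data survives
    rows = db.execute("SELECT name FROM people ORDER BY rowid")
    results["stored"] = [row[0] for row in rows]
    return results


if __name__ == "__main__":
    print(demo())
```

Only the stripped row loses information; the doubled and parameterized rows store the name intact, and only the parameterized call never builds SQL text from the value.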
WTF is why does anyone use Visual Basic, that is one of the most horrible programming languages ever seen!?
Admin
What IS that character?? I have never seen that character before.
Admin
VB isn't great, but it is fantastic for rapid application development. It comes in handy for small little projects and was a godsend before Java came mainstream. Develop a small GUI App in VC then do the same one in VB and see how long they both take you. Dollars to doughnuts says VB kicks the ever living crap out of the VC time. In the end, larger projects needing closer interfacing to hardware should be done in VC. The problem is, 90% of projects out there start small, then through maintenance and evolution become projects that should have been spec'd completely and prolly done in Java or maybe, just maybe VC if you have someone who knows what they are doing.
Admin
You would think a reply would actually reply to the post selected...but NOOOOOO. You have to quote them...
Admin
Hehehehe
Admin
I would bet the development time for a fat client VB is going to kick the crap out of Java too. The problem tends to be that the app is quick in the first dev cycle but each progressive cycle takes longer and longer. Eventually it takes longer to make a few enhancements than it did to write the app in the first place. It's not the language mind you, it's that the skill level required to code in VB is a lot lower than most languages so you tend to get less skilled developers. Another way to put it is that VB makes it easy to do a lot of things that experienced programmers know not to do.
Admin
Couldn't
Be...
When you re-invent the wheel, be sure to make it round.
Admin
I think what he was trying to do was remove single quotes from strings to prep for database insertions. Makes the whole purpose of the thing a WTF: he should've added escape characters instead of removing the single quotes.
Admin
VB? So where is the 'On Error Continue Next'? The biggest WTF is not reading the help file looking at 'String Functions'. Goodness, the functions are all documented there. But then the system is developed in VB, which speaks volumes for the experience of the developer(s) working on this project. Real programmers (and consultants :-) ) know that you work in languages like C, C++, Java, C# or whatever but never in VB.
Admin
Well, he could do that, but InStr(pos - 1) is faster, because you know there aren't any ' before pos, so skipping that part of the string kinda makes sense...
Admin
Oh, do us a favour. "Real programmers" know that you use the best tool for the job.
It is so dull when this board turns into a VB vs TheRestOfTheProgrammingLanguagesInTheWorld discussion by snobby programmers who like to look down on VB because it is fast, easy and popular, and somehow undermines their own sense of self importance in being a guru programmer in a 'difficult' language.
Time to move on, people!
Admin
    Private Function StripWeird(InTxt As String) As String
        .....
        InTxt = Left(InTxt, pos - 1) & Mid(InTxt, pos + 1)
        ...
        StripWeird = InTxt
    End Function
For my money, one of the best bits is the way he's passing the input in by reference (the default before VB.Net) then using it as his temporary variable, modifying it and passing it back out.
Beautiful. Even if he didn't return the results, anyone calling this so-called function will find the contents of their argument variable have been modified.
Admin
OK. What's the deal with the fonts on this forum?
Admin
The comments indicate that the coder (I hesitate to use the word 'programmer') has found that quotes cause problems with his database engine of choice.
So, rather than working out why, and risk providing a sensible solution, he has decided unilaterally to simply strip all the quotes out. Neat. And deserving of a poke up the arse with a sharpened stick.
I fully expect to see, elsewhere in the system, something that converts quotes to some other character, and then converts them back again after it's been through this routine.
The funny thing is, if you use a decent toolkit, you don't ever have to worry about reinventing this particular wheel. But I don't remember ever seeing VB described as a decent toolkit, so I guess that point is moot.
Simon
Admin
Were I feeling charitable, I'd guess that mentioning "replace" as the right way to do what the coder originally intended (even if he didn't realise he intended it) - twice - was an ironic commentary on the double construct in the original code.
However, I'm not feeling charitable, and I am forced to conclude that you must be one of those "morrons" we hear so much about.
Admin
Yup, I agree - there's plenty of scope for similar/worse approaches in ANY language...having said that, this WTF is a corker.
Admin
It should be clearly obvious to everyone here that the real WTF is SQL Server freaking out over a standard ASCII character!
I'd love to see the first error message he got when he found this out.
"Dude, that character like totally freaked me out!!! Don't send me any more, ok?"
[OK] [Cancel]
Admin
I was commenting on the code as it was posted, not what he should have done (Stored Procedures, Parametrized Queries). Everyone knows he should have used XML with some XSLT and some Javascript and preferably throw in some other languages too. [:D]
Admin
Yeah, it does look like he's running the loop twice, once for open, once for closing quote... how very very very odd.
Admin
I'm a little worried about the efficiency of the code.
Why not a script that generates the function, explicitly unrolled for an arbitrary number of bytes (up to say, 640K, since Bill Gates decreed that's all we'd ever need) and then just checks each byte explicitly.
'That's, in my mind, efficiency's best bet, y'all, since you don't know how many ASSKISS 39's the input may be packin''.
We can call such a script: Duff's Dementia.
Admin
Do you mind if I use this quote? It perfectly sums up many of the problems with VB (and several other RAD tools as well).
Admin
While I agree that a lot of the VB-bashing (such as the example above) is uncalled for, there are objective reasons why VB is less than desirable. The language is extremely large and complex (far more so than most client-programmers suspect when they begin using it), has many grave design flaws, and through VB6 at least had been developed in a slipshod and ad hoc manner. VB.Net really does fix many (nowhere near all) of the problems with VB as a language, but the result is about as different from VB6 as Java is from C++. Since the language is proprietary and subject to arbitrary change (something which is also true of Java, admittedly)
I doubt that a 'visual' RAD tool based on, say, Ruby, would have nearly as many problems, or as many complaints. To give a real example, I've heard of implementation complaints regarding Boa Constructor, but I can't recall many complaints about the underlying language (Python), and certainly nothing like those levelled at VB; this may be just a function of popularity, I suppose, but from what I've seen Python is mostly a language people move to rather than away from. Had VB been better designed as a language (and if there were an open, published standard from the start), I doubt that it would have the odious reputation it does.
Personally, my biggest issue is that VB looks easy to use, and is for fairly straightforward projects, but becomes monstrously difficult to maintain beyond that. Also, I personally feel that VB is a poor language for teaching - something I also feel about C, C++, Java, and Perl, though for different reasons in each case - and encourages sloppy programming habits. It tries to fit the 'casual programmer' niche Smalltalk was designed for, and fails.
Admin
Feh. I apparently dropped the end of that first paragraph somehow. It should have read:
"Since the language is proprietary and subject to arbitrary change, programmers using it cannot be certain if the code they write today will work on the next version of the language - something which is also true of Java, admittedly, but the Java developers tend to make fewer radical changes, and phase out old constructs rather than simply axing them or rearranging them. The fact that the language is not fully documented (AFAIK), and no standards body exists for it, makes some aspects of development a matter of guesswork.
Admin
Admin
Jesus, dude, don't you have anything better to do?
Admin
It's missed its requirement goal. If it strips "weird", how come I can still see the code?
Admin
So many WTFs... Let's see:
Ok, did I miss any?
Admin
He's probably trying to shave off some cycles, but, unfortunately, he's a bozo, which means it doesn't actually buy him anything. That's because the line
always requires linear time, and it's executed once for every apostrophe, so in the worst case, he manages to make a simple string replacement, which should be O(n), O(n²) in time complexity.
Admin
Were I feeling charitable, I'd calmly point out that what you are saying has nothing at all to do with RobIII's comments.
However, I'm not feeling charitable, and I am forced to conclude that your "brain" is actually a half-rotten cauliflower, moron.
Admin