Admin
Is the __________ a redacted table name, or do they have a table named _________?
No, I wouldn't be surprised if it's the latter.
Admin
Generally, when somebody hands me a working program with no provenance and no supporting documentation, and asks me to convert it to another platform etc., I do exactly that -- I blindly port it over with the absolute minimum of analysis or cleanup.
Because with only the code available, the code is the domain definition, the code is the problem statement, the code is the proposed solution, the code is the functional specification, and the code is the commentary.
If it is buggy, too bad. If it has security holes, if it invites input errors, if it occasionally loses data, if it is impossible to understand, too bad. It performs exactly as it was specified to perform. By the code.
Admin
"supported" assumes that kind of monster is supportable in the first place.
It sounds more like Tom was used as the victim of a symbolic human sacrifice, to appease the wrath of some heavenly powers that manifested in the form of lost contracts for the company.
Admin
Is this a project where they hired a dozen junior devs for a greenfield project? "Here are the client's requirements, you have 3 months."
Admin
It's probably more like "The Client wants the PC to make the invoices. DO IT NOW."
Admin
It takes 30 seconds to write a SQL string literal encoding function on a bad day. There is no excuse. No, not even "the values are known."
"split across far too many files": How many would you like them to be split across? One?
Admin
Both spaghetti code and ravioli code are horrible to debug. Clean Code suggested 6 lines per function, and if you stick to that, and have a file for each, I think it would be slightly worse than having a single file. Slightly.
Admin
Exactly, otherwise obligatory xkcd happens: https://xkcd.com/1172/
Admin
Sorry, I don't go by "Uncle Bob Says". When I have too many files open in the IDE, I close some.
Admin
"... and this was the [result] assault." There, fixed it for you.
Admin
Because of course, if you are creating queries like this, you absolutely know how to make a string literal encoding function without any potentially catastrophic bugs.
If only there were any numbers between one and "far too many"...
Admin
Man, sometimes a code base is just big. Can't Visual Studio index VB code?
Admin
Some day I'd love to be able to read stories from the people who now take care of the Voyager spacecrafts.
Admin
Using a well-tested and well-maintained library function is, of course, how a responsible professional would do it.
However, the point is still valid that almost anyone should be able to write something that's 99.5% effective. If they're willing to narrow the scope of data they can handle, then probably 100% effective if the method limits allowed characters to ASCII. Using string concatenation without such protection isn't done because "it's too hard", or "my dev stack doesn't support it". The only reasons to not handle SQL injection are "I don't care", or "I'm completely ignorant of the entire issue".
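To make the two comments above concrete (the "30 seconds to write a string literal encoding function" one and the "narrow the scope to ASCII" one), here is an added example that is not from the thread or the application being discussed. It shows a deliberately narrow literal encoder next to the parameterized query a driver gives you for free; the table, column, part names and the `sqlite3` in-memory database are all constructed for this example.

```python
import re
import sqlite3

# Printable ASCII only (0x20..0x7E). Narrowing the accepted alphabet is what
# lets a hand-rolled encoder claim "100%": every multi-byte and control
# character edge case is rejected instead of handled.
_PRINTABLE_ASCII = re.compile(r"^[\x20-\x7e]*$")


def sql_string_literal(value: str) -> str:
    """Return value as a quoted SQL string literal, or raise.

    Hypothetical helper for this example. Doubling the single quote is the
    standard SQL escape; anything outside printable ASCII is refused rather
    than escaped.
    """
    if not isinstance(value, str):
        raise TypeError("only str values are accepted")
    if not _PRINTABLE_ASCII.match(value):
        raise ValueError("value contains non-printable or non-ASCII characters")
    return "'" + value.replace("'", "''") + "'"


def build_part_query(part_name: str) -> str:
    # Concatenation, as the code in the article presumably does, but with the
    # literal passed through the encoder first.
    return "SELECT price FROM parts WHERE part_name = " + sql_string_literal(part_name)


def lookup_price_concat(conn: sqlite3.Connection, part_name: str):
    return conn.execute(build_part_query(part_name)).fetchone()


def lookup_price_param(conn: sqlite3.Connection, part_name: str):
    # What a maintained driver does for you: the value travels separately
    # from the statement text, so no quoting logic exists to get wrong.
    return conn.execute(
        "SELECT price FROM parts WHERE part_name = ?", (part_name,)
    ).fetchone()


def make_demo_db() -> sqlite3.Connection:
    # Constructed sample data; the part names are invented.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parts (part_name TEXT PRIMARY KEY, price REAL)")
    conn.executemany(
        "INSERT INTO parts VALUES (?, ?)",
        [("Seamless 3-Panel", 149.99), ("O'Neil Arch", 210.0)],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(build_part_query("O'Neil Arch"))
    print(lookup_price_concat(db, "O'Neil Arch"), lookup_price_param(db, "O'Neil Arch"))
```

The encoder handles the one character that matters for a literal (the single quote) and refuses everything it was not written to reason about, which is the trade the comment describes. The parameterized version is shorter, needs no encoder at all, and is the one to reach for whenever the driver offers it.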
Admin
I'm afraid the only options are one, two, and "far too many".
Admin
I agree that this abomination is the result of its ancestry. However, I don't think VB6 is the culprit here. Rather, this is a part name that embeds numbers within it. Somebody converted a paper business method directly into code.
As for SeamlessDoorTypeElevPricegroupPrepgroup:
I'm not sure what a "SeamlessDoor" is but I don't find "SeamlessDoorType" to be unreasonable. Next is "ElevPricegroup"--"Elev" = "Elevation". In this context, what does the front look like? There are a range of patterns that all price the same. Put a different head on the router and you get a different result but it's still the same material and the same labor. Likewise, different arch profiles are purely a matter of machine instructions. Finally, we have "Prepgroup". Some sort of processing that has multiple possible paths. The one that comes to mind is distressing, but I don't know the industry well enough to say if that's the only one. You can have normal wood or you can put it through the extra labor of making it look old.
(Background: To one degree or another the vast majority of code I have written professionally deals with cabinets. Cabinets have doors.)
Admin
To be fair, there's a chance that there is no opening for a SQL injection. Maybe the values in those variables come directly from their database and are filled internally or from their supplier's catalogue.
It's still code as ugly as the devil and maybe the SQL injection flaw is indeed there, but we can't guarantee the WTF is as bad as Remy said. (Or maybe it's even worse somehow).
Admin
Good point, me neither. So I asked the internet, and it seems to be a door without a door jamb.
Admin
rsDoorpodet
sounds like something a Dutchman would call someone he really doesn't like...
Admin
I continue to be flabbergasted at the number of people who insist the solution is to use well-tested publicly available library code while the app we're looking at probably predates the existence of any such library code by 20+ years.