• (disco)

    This is like the 3rd or 4th instance of a deeply nested replace on this site. It still makes me shiver.

  • (disco) in reply to LB_

    At least you get a nice big tree when formatted!

  • (disco) in reply to LB_
    LB_:
    This is like the 3rd or 4th instance of a deeply nested replace on this site. It still makes me shiver.

    There is a reason why the infamous Darwin Award has "too common" as a disqualifier.

  • (disco)

    I wonder whether somebody, being too clever for their own good (how I hate that phrase, even when I use it myself) has built an automatic replace-method writer. Not realising that it's possible to write just one "replace" method and pass it the appropriate parameters, they have set themselves up to write a different replace for each of the situations where they want to do this replacing operation, but a different one according to the needs of the situation.

    Their automatic replace-method generation tool does something like: "Enter the charicter you want to repalce.(gohome for fin ish) "Enter the charicter you want ot replaced with" and it then goes round and round till you enter gohome. At that point it then generates your automatic Replace generator.

    Note that I have failthfully retained the various typos and instances of diskexya.

  • (disco)

    I think the author of that code utterly disliked regular expressions. Maybe it was blakey — he dislikes regular expressions too.

  • (disco) in reply to wft
    wft:
    I think the author of that code utterly disliked regular expressions. Maybe it was blakey — he dislikes regular expressions too.

    Too well-indented and professionally laid out for blakey. He would have put everything on one line.

  • (disco)

    select regexp_replace('/An/I*legal%File', '[]/*%ùòàè°$£&?§^()#+[;:@ç<>. ]', '_') from dual;

    _An_I_legal_File

  • (disco) in reply to Johan_Kaewberg
    Johan_Kaewberg:
    select regexp_replace('/An/I*legal%File', '[]/*%ùòàè°$£&\?§^()#+[;:@ç<>. ]', '_') from dual;

    Yeah good job. Let's put that into prod. (:laughing:)

  • (disco) in reply to Johan_Kaewberg

    Remind me again why we're doing a roundtrip to the database to do string cleaning?

  • (disco)

    What's the result of the function when an exception is thrown? Does it rethrow after logging (TRWTF)? Or does it return some unexpected value?

  • (disco) in reply to Arantor

    Yea, not to mention why they (try to) remove the bad chars instead of doing it the proper way of only using the good chars (whitelist instead of blacklist).

    Then you could use a regexp like this one (perl)

    $tainted_var =~ /([\w.\-\/\s]+)/; $sanitised_var = $1;

    and be done with it.

    It is actually one of the first things you should learn about user input, never try to remove the bad things, only get the good things (which you define explicitly) and discard the rest, as you will eventually miss one or more bad things if you try to do it the way it is done in this WTF.....

  • (disco) in reply to Arantor
    Arantor:
    Remind me again why we're doing a roundtrip to the database to do string cleaning?

    Who says it's a round trip? PL/SQL can do all sorts of shit.
  • (disco) in reply to ChrisH

    Wouldn't you keep that stuff in the application before it even hits stored procs?

  • (disco) in reply to Quite
    Quite:
    He would have put everything on one line.

    But wouldn't THAT be the professional behavior? Saving valuable vertical screen space?

  • (disco) in reply to dkf
    dkf:
    What's the result of the function when an exception is thrown? Does it rethrow after logging (TRWTF)? Or does it return some unexpected value?

    Retry, I suppose. Ignoring all exceptions. We can't bother the user with cryptic error message or risk any illegal character to pass, can we? [spoiler]see raw[/spoiler]

    ```
    while (true) {
      try {
        // do replacement stuff
        break;
      } catch {
        // silently ignore any exception
        // OTOH, it might be funmore sensible to log the exception?
        // oh, and while we're at it: don't forget to number those exceptions' messages
        // so that the logger won't suppress them
      };
    };
    ```
  • (disco)

    If I saw this in code I had to maintain, I'd utter something filthy, too.

    At least all the left parens make me feel at home, though.

    (define (replace n)
      (replace n))
    
  • (disco)

    I can't believe anyone would write that kind of code and not think "wait, I must be doing something wrong"...

  • (disco)

    Which, the article's WTF or the infinite recursion in my post? I mean, at least I knew that what I was writing was a joke...

  • (disco) in reply to Arantor
    Arantor:
    Remind me again why we're doing a roundtrip to the database to do string cleaning?

    Usually because you can't be certain that only one application will be writing to the same database, so the same methods need to be available to multiple programs.

  • (disco) in reply to BaconBits

    And there's no better way of doing that than, say, a library?

  • (disco) in reply to Arantor
    Arantor:
    And there's no better way of doing that than, say, a library?

    What about when you need to fix a data validation bug? With a library, you have to update all the applications that use it.

  • (disco) in reply to LB_

    The fact that you'd have to rewrite all library calls when you update a library kind of defeats the purpose of the library and is a bit of a WTF in itself...

  • (disco)
    Why
     is
      it
       all
        these
         types 
          have
           to
            indent
             and
              indent
               and
                indent
                 and
                  indent
                   ...
    

    The way they're using REPLACE, they could just do this:

    p_file_name_end := REPLACE(p_file_name    ,'!','_');
    p_file_name_end := REPLACE(p_file_name_end,'@','_');
    p_file_name_end := REPLACE(p_file_name_end,'$','_');
    p_file_name_end := REPLACE(p_file_name_end,'%','_');
      .
      .
      .
    

    I mean, assuming you have to use REPLACE this way—not that I see this as anything but idiotic—but assuming you did, your efficiency problem is REPLACE...the assignments wouldn't even be noticed.

    So flatten it, yeesh.

    Or is there some droid who goes around saying, "All those assignments are horribly inefficient, what's wrong with you, nest all those expressions or this code will be the cause of all our performance problems!"

  • (disco) in reply to tom103

    YMBNH. People who only know how to use one tool use it all the time and don’t think twice about using it again, let alone whether another tool might do the current job better.

  • (disco) in reply to Gurth

    Oh, I'm not new at all on TDWTF... but even though I've seen hundreds of WTFs, I keep being amazed at human stupidity.

  • (disco) in reply to CoyneTheDup
    CoyneTheDup:
    Or is there some droid who goes around saying, "All those assignments are horribly inefficient, what's wrong with you, nest all those expressions or this code will be the cause of all our performance problems!"

    Oddly enough, old versions of the Progress language preferred something like this. The language is compiled into some kind of pseudo-asm or something. Back in the 16-bit era, the compiled file had a bunch of 64K limits in it, including (oversimplified) a statement section. You had two ways of doing assignments,

    a = 12.
    b = 13.
    c = "Hi there!!".
    

    That's three statements. On the other hand,

    assign
        a = 12
        b = 13
        c = "Hi there!!".
    

    is only one statement. If a given program got close to the section limit you could make some headroom by combining assignments.

  • (disco)

    Not enterprisey enough. It needs more XML.

  • (disco) in reply to PWolff
    PWolff:
    Retry, I suppose. Ignoring all exceptions. We can't bother the user with cryptic error message or risk any illegal character to pass, can we?

    Wait, why put your code in a hidden div? And why in the world does Discourse let you create hidden divs?

  • (disco) in reply to ufmace
    ufmace:
    why in the world does Discourse

    Some questions are best left unanswered. "Why does Discourse...?" only leads to madness.

  • (disco) in reply to HardwareGeek
    HardwareGeek:
    Some questions are best left unanswered. "Why does Discourse...?" only leads to madness.

    I suppose the real answer is "Because Jeff"

  • (disco) in reply to Johan_Kaewberg
    Johan_Kaewberg:
    select regexp_replace('/An/I*legal%File', '[]/*%ùòàè°$£&\?§^()\#+[;:@ç<>. ]', '_') from dual;

    _An_I_legal_File

    Eh, I'd rather use:

    SELECT TRANSLATE('/An/I*legal%File','/*%ùòàèùìé°$£&?§^()\#+[];:@ç<>. ','________________________________')
    FROM DUAL
    

    Although truthfully I'd rather see a whitelist method that would replace every character that's not in a valid list. That is to say, instead of replacing a fixed list of characters, you just replace every character except, say, A-Z, a-z and 0-9.
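
The allowlist approach suggested in the post above (and in the earlier Perl post), run next to the character blacklist from the thread's regex. This is an added example, not code from any poster; Python is used only for illustration, and the function names, `MAX_LEN`, the reject-on-empty rule and the sample inputs are assumptions.

```python
import re

# Character list taken from the blacklist regex quoted in the thread.
BLACKLIST_CHARS = set("]/*%ùòàè°$£&?§^()#+[;:@ç<>. ")
# Allowlist from the post above: keep only A-Z, a-z and 0-9.
# An explicit class is used because \w would also match non-ASCII letters.
NOT_ALLOWED = re.compile(r"[^A-Za-z0-9]")
MAX_LEN = 64  # assumed length cap, not from the thread


def blacklist_clean(name: str) -> str:
    """Replace only the characters somebody remembered to list."""
    return "".join("_" if c in BLACKLIST_CHARS else c for c in name)


def whitelist_clean(name: str) -> str:
    """Replace every code point that is not explicitly allowed."""
    cleaned = NOT_ALLOWED.sub("_", name)[:MAX_LEN]
    if not cleaned.strip("_"):
        # Assumed policy: refuse names with nothing usable left.
        raise ValueError("no allowed characters left in file name")
    return cleaned


def survivors(cleaned: str) -> set:
    """Characters outside the allowlist still present after cleaning."""
    return set(NOT_ALLOWED.findall(cleaned)) - {"_"}


# Constructed sample inputs.
SAMPLES = [
    "/An/I*legal%File",        # the thread's own test string
    'report"2015|final\\v2',   # quote, pipe, backslash: not on the blacklist
    "line1\nline2\t.txt",      # control characters
    "r\u00e9sum\u00e9\u65e5\u672c\u8a9e",  # a run of non-ASCII characters
]

if __name__ == "__main__":
    for s in SAMPLES:
        b, w = blacklist_clean(s), whitelist_clean(s)
        print(f"{s!r}\n  blacklist -> {b!r} leaves {sorted(survivors(b))}"
              f"\n  whitelist -> {w!r}")
```

Both functions agree on the thread's test string; they diverge on every input containing a character the blacklist author did not think of.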

  • (disco) in reply to Arantor

    What advantage does a library offer over a database function or stored procedure? You'd essentially have to have a different library for every platform and programming language you wanted to support, and you'd then have even more code to support and more code to worry about not being backwards compatible. What good is a data normalization function if any 3rd party would be virtually guaranteed to have a different version of it when you needed to update it?

    Why do that when you get the exact same feature with a database function?

  • (disco) in reply to ufmace
    ufmace:
    And why in the world does Discourse let you create hidden divs?

    And why on earth does it not

    strip it
    from the final post?

  • (disco) in reply to BaconBits
    BaconBits:
    That is to say, instead of replacing a fixed list of characters, you just replace every character except, say, A-Z, a-z and 0-9.

    I think it also isn't wonderful at doing sane stuff when you give it input with multiple non-ASCII characters in a row.

  • (disco) in reply to FrostCat
    FrostCat:
    Back in the 16-bit erabutton shoes era, the compiled file had a bunch of 64K limits [because who would want more than that?] in it, including (oversimplified) a statement section.

    I know...but what's their excuse these days?

  • (disco) in reply to CoyneTheDup
    CoyneTheDup:
    I know...but what's their excuse these days?

    Well, they fixed the problem, for some values of "fixed". (That is to say, the fix was essentially a very large bandaid, one that makes the problem effectively never happen.)

  • (disco)

    Could be that this was inherited from an Oracle system prior to the advent of regexp_replace. I recall working on Oracle 8i systems that had no regex functionality, and syscalls were forbidden by DBA (unthinking) policy. I think I ended up with an array of characters I wanted to replace, and a loop over each character in the source string. Or maybe a bunch of substring and left()s or something.

Leave a comment on “Utter Filth”
