Annie works in a bioinformatics department. There's a lot of internally developed code, and the quality is… special. But it also has features that are on the critical path for the department doing its job.
One example is that, based on one input form, the next input form needs to display a drop-down. The drop-down elements don't change, but the individual item that's selected does. So, if the rank HTTP POST variable is set, we want to make sure the matching entry is selected.
if(isset($_POST['rank'])){
if($_POST['rank']=='superkingdom'){
echo "<option selected='selected'>superkingdom</option>";
echo "<option>phylum</option>";
echo "<option>class</option>";
echo "<option>order</option>";
echo "<option>family</option>";
echo "<option>genus</option>";
echo "<option>species</option>";
}elseif($_POST['rank']=='phylum'){
echo "<option>superkingdom</option>";
echo "<option selected='selected'>phylum</option>";
echo "<option>class</option>";
echo "<option>order</option>";
echo "<option>family</option>";
echo "<option>genus</option>";
echo "<option>species</option>";
}
elseif($_POST['rank']=='class'){
echo "<option>superkingdom</option>";
echo "<option>phylum</option>";
echo "<option selected='selected'>class</option>";
echo "<option>order</option>";
echo "<option>family</option>";
echo "<option>genus</option>";
echo "<option>species</option>";
}
elseif($_POST['rank']=='order'){
echo "<option>superkingdom</option>";
echo "<option>phylum</option>";
echo "<option>class</option>";
echo "<option selected='selected'>order</option>";
echo "<option>family</option>";
echo "<option>genus</option>";
echo "<option>species</option>";
}
elseif($_POST['rank']=='family'){
echo "<option>superkingdom</option>";
echo "<option>phylum</option>";
echo "<option>class</option>";
echo "<option>order</option>";
echo "<option selected='selected'>family</option>";
echo "<option>genus</option>";
echo "<option>species</option>";
}
elseif($_POST['rank']=='genus'){
echo "<option>superkingdom</option>";
echo "<option>phylum</option>";
echo "<option>class</option>";
echo "<option>order</option>";
echo "<option>family</option>";
echo "<option selected='selected'>genus</option>";
echo "<option>species</option>";
}
elseif($_POST['rank']=='species'){
echo "<option>superkingdom</option>";
echo "<option>phylum</option>";
echo "<option>class</option>";
echo "<option>order</option>";
echo "<option>family</option>";
echo "<option>genus</option>";
echo "<option selected='selected'>species</option>";
}
}
Talk about duplicated code. And, of course, there's no else clause.
And, of course, there's a bonus SQL injection attack that Annie found:
$sql = "SELECT locus,accession,length,date,definition,organisim,host".
" FROM `gb` WHERE organisim LIKE '%".$_POST['orgname']."%'";
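For contrast, here is one way both pieces could be written. This is an added example, not code from Annie's department: the names RANKS, rankOptions and findByOrganism are hypothetical, and the in-memory SQLite table with a trimmed column list and constructed rows stands in for the real gb table.

```php
<?php
// Added example; RANKS, rankOptions and findByOrganism are hypothetical names.
const RANKS = ['superkingdom', 'phylum', 'class', 'order', 'family', 'genus', 'species'];

// Build the option list once. The posted value is only compared against the
// fixed list and never echoed, so a missing or unexpected value (the absent
// "else" case) still renders every option, with none selected.
function rankOptions(mixed $posted): string
{
    $html = '';
    foreach (RANKS as $rank) {
        $selected = ($posted === $rank) ? " selected='selected'" : '';
        $html .= "<option{$selected}>" . htmlspecialchars($rank, ENT_QUOTES) . "</option>\n";
    }
    return $html;
}

// Bind the search term as a parameter instead of concatenating it into the
// SQL text, and escape LIKE wildcards so the input matches literally.
function findByOrganism(PDO $pdo, string $orgname): array
{
    // '!' is the escape character; it must be doubled before % and _ are escaped.
    $term = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $orgname);
    $stmt = $pdo->prepare(
        "SELECT locus, accession, organisim FROM gb
          WHERE organisim LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => "%{$term}%"]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs offline (column spelling
// "organisim" kept as it appears in the original query).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE gb (locus TEXT, accession TEXT, organisim TEXT)");
$pdo->exec("INSERT INTO gb VALUES ('L1', 'X00001', 'Escherichia coli'),
                                  ('L2', 'X00002', 'Homo sapiens')");

echo rankOptions($_POST['rank'] ?? null);
print_r(findByOrganism($pdo, 'coli'));
// Quote characters arrive as data in the bound parameter, not as SQL syntax.
print_r(findByOrganism($pdo, "coli' --"));
```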