Recent CodeSOD

Code Snippet Of the Day (CodeSOD) features interesting and usually incorrect code snippets taken from actual production code in commercial and/or open source software projects.

Aug 2008

Encrypted For Your Security


"I have been helping a guy with a project," seebs wrote, "I wasn't originally involved, but when the three-month project was six months late, I got called in to start on the other half. I still remember the sick feeling in the pit of my stomach when the developer told me 'all fields are varchar for simplicity...'"

"There's a database of users who can log in. Now, we all know that you always store the password encrypted, right? Perfect, it's stored as MD5. Here's the three relevant fields in the database:


SUSBSTITUTE_CODE


"Not too long after starting at my new job," Franc wrote, "I came across a rather unique way of noting what code needed to be fixed."

"This was the message that came up when I went to build."


pider Detection


"I came across this snippet in our header file," wrote David, "it's a basic webspider detector that is used later on to record certain actions differently if $is_spider was set to 1."

"Rather than check the difference between 0 and FALSE (or use a more appropriate function), the original developer just dropped the first letter of each crawler name so that strpos doesn't return 0."


Are You Sure?


"There was a minor bug in one of my company's applications," Craig M wrote, "for whatever reason, it just hung after the 'Are you sure?' prompt."

"In an attempt to try and track down the problem, I popped my head into our UserInput class to ensure that the code was correctly validating the input. That's when I came across this..."


More Entropy, Please


As we learned in Random Stupidity, developers don't really trust rand(), random(), Random.GetNext(), etc. Nor should they. The documentation, after all, clearly states that the function "generates a pseudo-random number." That's right, pseudo. Who wants pseudo?

The neat thing about pseudo-randomness is that, if you think about it -- and you don't think too much about it -- you can actually generate a real random number by pseudo-randomizing a pseudo-randomizer a pseudo-random number of times. It's kind of like how two wrongs (either wrongly done for the right reason or rightly done for the wrong reason) make a right. Really, it's simple math.


Please Think Twice


"While reviewing some of our older code," Rob Jacobs wrote, "I stumbled upon this."

// NOTE: Please think twice before changing the next line of code ;-D
// Store float binary in char array
*((unsigned int*)(&x[4])) = *((unsigned int*)(&value));