in reply to The joys of bad code
This is all the same 1200 line index.pl (a CGI script). In this script,

    $q = param("q");
    if (!$q || $q eq ""){$q = "home";}
    ...
    $rid = md5_hex(rand(999999999999999));
    ...
    if ($q eq "dbsetup"){
        ...
        $dbh = DBI->connect("DBI:mysql:$MYSQL{database}:$MYSQL{server}:3306",$MYSQL{user}, $MYSQL{pass},{ RaiseError => 0, AutoCommit => 1 });
        ...
        $dbh->do("DROP TABLE users");
        $dbh->do("CREATE TABLE users (sid TEXT, user TEXT, pass TEXT, userlevel char(1))");
        ...
    }
    ...
    sub getmonthname{
        my($nr) = @_;
        #my%names;
        $names{1} = "januari";
        $names{2} = "februari";
        $names{3} = "maart";
        $names{4} = "april";
        $names{5} = "mei";
        $names{6} = "juni";
        $names{7} = "juli";
        $names{8} = "augustus";
        $names{9} = "september";
        $names{10} = "oktober";
        $names{11} = "november";
        $names{12} = "december";
        return $names{$nr};
    }
    ...
    my$email = param("email");
    if ($email){$reply = $email;}else{$reply = "mailer-deamon\@CENSORED.nl"}
    open (SENDMAIL,"|mail -s 'Reactie formulier CENSORED' $contactto -f $reply") || &printerror;
- no value is escaped anywhere
- no DBI placeholders are used
- every SELECT is SELECT *
- every fetch is @row = $sth->fetchrow_array
- dates are stored in a TEXT column in dd/mm/yyyy (or dd-mm-yyyy) format
- ... or even in three different TEXT columns
- lexicals are used for only a third of all variables
- the DBI->connect(...) is repeated everywhere
- virtually no error checking is done and it is usually even explicitly disabled (RaiseError => 0)
- half of all code is HTML
- there are lots of if (!$foo || $foo eq "") { $foo = "..." }
- everything is hard coded (don't let %MYSQL fool you: that too is hard coded)
- both Dutch and English are used, sometimes even in one place: "day", "maand", "jaar" (database columns), "newsoverzicht"
- there is a banner of the proud author:

    #-----------------------------------------------#
    # Site Script                                   #
    #                                               #
    # Designed for CENSORED                         #
    # by CENSORED CENSORED CENSORED                 #
    #                                               #
    #-----------------------------------------------#
Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }
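Added example, not from Juerd's post or from the script he quotes: the same handful of operations (connect, table setup, lookup, month name, default parameter, outgoing mail) written with the fixes his list implies. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database in place of the MySQL connection so it runs offline; the `sendmail -t` path and the `html_escape` helper are my choices, not the original script's.

```perl
#!/usr/bin/perl
# Added example (not the script from the thread): the "dbsetup",
# getmonthname and contact-form fragments done with placeholders,
# error checking, escaping and a shell-free mail pipe.
# Assumes DBI + DBD::SQLite; the :memory: database stands in for MySQL.
use strict;
use warnings;
use DBI;

# One handle, created once, with RaiseError on so a failed query dies
# instead of silently returning undef the way RaiseError => 0 does.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

# A real DATE column instead of dd/mm/yyyy in TEXT (or three TEXT columns).
$dbh->do(q{
    CREATE TABLE users (
        sid       TEXT    NOT NULL,
        user      TEXT    NOT NULL UNIQUE,
        pass      TEXT    NOT NULL,
        userlevel CHAR(1) NOT NULL DEFAULT 'u',
        created   DATE    NOT NULL
    )
});

# Placeholders: the user-supplied values travel as bound parameters and
# are never interpolated into the SQL text, so quotes in them are data.
sub add_user {
    my ($sid, $user, $pass, $level) = @_;
    return $dbh->do(
        q{INSERT INTO users (sid, user, pass, userlevel, created)
          VALUES (?, ?, ?, ?, DATE('now'))},
        undef, $sid, $user, $pass, $level,
    );
}

# Name the columns instead of SELECT *, and fetch a hashref so the code
# does not depend on column order.
sub find_user {
    my ($user) = @_;
    my $sth = $dbh->prepare(
        'SELECT user, userlevel, created FROM users WHERE user = ?');
    $sth->execute($user);
    return $sth->fetchrow_hashref;
}

# Minimal HTML escaping for anything echoed back into a page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Lookup table as a lexical array: no global %names, no twelve assignments.
my @MONTHS = qw(januari februari maart april mei juni juli
                augustus september oktober november december);
sub getmonthname {
    my ($nr) = @_;
    return undef unless defined $nr && $nr =~ /\A\d+\z/ && $nr >= 1 && $nr <= 12;
    return $MONTHS[$nr - 1];
}

# The if (!$q || $q eq "") { $q = "home" } pattern, once, as a function.
sub page_param {
    my ($q) = @_;
    return (defined $q && length $q) ? $q : 'home';
}

# Reply address from the form: validate it (no spaces, no newlines, so no
# header injection), then pipe to sendmail with the list form of open so
# no shell ever parses it. Not called below because it needs an MTA.
sub send_contact_mail {
    my ($to, $subject, $reply, $body) = @_;
    die "bad reply address\n"
        unless $reply =~ /\A[\w.+-]+@[\w-]+(?:\.[\w-]+)+\z/;
    open(my $mail, '|-', '/usr/sbin/sendmail', '-oi', '-t')
        or die "cannot run sendmail: $!";
    print {$mail} "To: $to\nReply-To: $reply\nSubject: $subject\n\n$body\n";
    close $mail or die "sendmail failed: $?";
}

# Demonstration on constructed input; note the quote in the username.
add_user('abc123', q{o'brien}, 'store-a-password-hash-here', 'u');
my $row = find_user(q{o'brien});
print 'user: ', html_escape($row->{user}),
      " level: $row->{userlevel} created: $row->{created}\n";
print 'month 3: ', getmonthname(3), "\n";   # maart
print 'page: ', page_param(''), "\n";       # home
```

The username with the apostrophe is the point of the demo: with `$dbh->do("... '$user' ...")` it would have broken (or rewritten) the statement, with a bound placeholder it is stored and retrieved verbatim.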