PerlMonks  

Re: The joys of bad code

by Juerd (Abbot)
on Oct 27, 2004 at 16:18 UTC [id://403082]


in reply to The joys of bad code

    $q = param("q");
    if (!$q || $q eq ""){$q = "home";}
    ...
    $rid = md5_hex(rand(999999999999999));
    ...
    if ($q eq "dbsetup"){
    ...
    $dbh = DBI->connect("DBI:mysql:$MYSQL{database}:$MYSQL{server}:3306",$MYSQL{user}, $MYSQL{pass},{ RaiseError => 0, AutoCommit => 1 });
    ...
    $dbh->do("DROP TABLE users");
    $dbh->do("CREATE TABLE users (sid TEXT, user TEXT, pass TEXT, userlevel char(1))");
    ...
    }
    ...
    sub getmonthname{
    my($nr) = @_;
    #my%names;
    $names{1} = "januari";
    $names{2} = "februari";
    $names{3} = "maart";
    $names{4} = "april";
    $names{5} = "mei";
    $names{6} = "juni";
    $names{7} = "juli";
    $names{8} = "augustus";
    $names{9} = "september";
    $names{10} = "oktober";
    $names{11} = "november";
    $names{12} = "december";
    return $names{$nr};
    }
    ...
    my$email = param("email");
    if ($email){$reply = $email;}else{$reply = "mailer-deamon\@CENSORED.nl"}
    open (SENDMAIL,"|mail -s 'Reactie formulier CENSORED' $contactto -f $reply") || &printerror;
This is all the same 1200 line index.pl (a CGI script). In this script,
  • no value is escaped anywhere
  • no DBI placeholders are used
  • every SELECT is SELECT *
  • every fetch is @row = $sth->fetchrow_array
  • dates are stored in a TEXT column in dd/mm/yyyy (or dd-mm-yyyy) format
  • ... or even in three different TEXT columns
  • lexicals are used for only a third of all variables
  • the DBI->connect(...) is repeated everywhere
  • virtually no error checking is done and it is usually even explicitly disabled (RaiseError => 0)
  • half of all code is HTML
  • there are lots of if (!$foo || $foo eq "") { $foo = "..." }
  • everything is hard coded (don't let %MYSQL fool you: that too is hard coded)
  • both Dutch and English are used, sometimes even in one place: "day", "maand", "jaar" (database columns), "newsoverzicht"
  • there is a banner of the proud author:
    #-----------------------------------------------#
    # Site Script                                   #
    #                                               #
    # Designed for CENSORED                         #
    # by CENSORED CENSORED CENSORED                 #
    #                                               #
    #-----------------------------------------------#
Gotta love fixing broken features in this code. It is dangerously insecure, and there's no money available to replace it, and making it secure without replacing it entirely is exactly as much work.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }
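The items in the list above map onto a handful of concrete fixes. The following is an added example written for this page, not code from the post or from the script it quotes: it shows the hardened counterparts of the quoted fragments (a single connection with errors enabled, a DBI placeholder instead of string interpolation, a lexical month table, and a shell-free pipe open for the contact mail). It reuses the names the post mentions (%MYSQL, the users table with its sid, user and userlevel columns, $contactto, the -f option as the script passes it); the config values, the default address and the sub names connect_db, user_for_session and send_contact_mail are assumptions.

```perl
use strict;
use warnings;
use CGI qw(param);
use DBI;

# Placeholder config values (constructed for this example).
my %MYSQL = (database => 'DBNAME', server => 'DBHOST', user => 'DBUSER', pass => 'DBPASS');

# One connection, created once, with RaiseError => 1 instead of the script's RaiseError => 0,
# so a failed query dies loudly instead of being silently ignored.
sub connect_db {
    return DBI->connect(
        "DBI:mysql:database=$MYSQL{database};host=$MYSQL{server};port=3306",
        $MYSQL{user}, $MYSQL{pass}, { RaiseError => 1, AutoCommit => 1 },
    );
}

# Lexical with a default, replacing: if (!$q || $q eq "") { $q = "home"; }
my $q = param('q');
$q = 'home' unless defined $q && length $q;

# A placeholder instead of interpolating $sid into the SQL text: the driver quotes the
# value, so a session id containing a quote or a semicolon cannot change the statement.
sub user_for_session {
    my ($dbh, $sid) = @_;
    my $sth = $dbh->prepare('SELECT user, userlevel FROM users WHERE sid = ?');
    $sth->execute($sid);
    return $sth->fetchrow_hashref;   # undef when no row matched
}

# Lexical lookup table instead of assigning into an undeclared global %names.
my @MONTHS = qw(januari februari maart april mei juni juli
                augustus september oktober november december);
sub getmonthname {
    my ($nr) = @_;
    return ($nr =~ /\A(?:[1-9]|1[0-2])\z/) ? $MONTHS[$nr - 1] : undef;
}

# List-form pipe open: no shell parses the command line, so a reply address containing
# shell metacharacters is passed to mail as a plain argument. The address is additionally
# restricted to a conservative pattern before it is used at all.
sub send_contact_mail {
    my ($contactto, $reply, $body) = @_;
    $reply = 'mailer-daemon@example.invalid'      # placeholder default address
        unless defined $reply && $reply =~ /\A[\w.+-]+@[\w-]+(?:\.[\w-]+)+\z/;
    open(my $mail, '|-', 'mail', '-s', 'Reactie formulier', $contactto, '-f', $reply)
        or die "cannot run mail: $!";
    print {$mail} $body;
    close($mail) or die "mail exited with status $?";
}
```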
