Re: The joys of bad code

by Juerd (Abbot)
on Oct 27, 2004 at 16:18 UTC

in reply to The joys of bad code

    $q = param("q");
    if (!$q || $q eq ""){$q = "home";}
    ...
    $rid = md5_hex(rand(999999999999999));
    ...
    if ($q eq "dbsetup"){
        ...
        $dbh = DBI->connect("DBI:mysql:$MYSQL{database}:$MYSQL{server}:3306",$MYSQL{user}, $MYSQL{pass},{ RaiseError => 0, AutoCommit => 1 });
        ...
        $dbh->do("DROP TABLE users");
        $dbh->do("CREATE TABLE users (sid TEXT, user TEXT, pass TEXT, userlevel char(1))");
        ...
    }
    ...
    sub getmonthname{
        my($nr) = @_;
        #my%names;
        $names{1} = "januari";
        $names{2} = "februari";
        $names{3} = "maart";
        $names{4} = "april";
        $names{5} = "mei";
        $names{6} = "juni";
        $names{7} = "juli";
        $names{8} = "augustus";
        $names{9} = "september";
        $names{10} = "oktober";
        $names{11} = "november";
        $names{12} = "december";
        return $names{$nr};
    }
    ...
    my$email = param("email");
    if ($email){$reply = $email;}else{$reply = "mailer-deamon\"}
    open (SENDMAIL,"|mail -s 'Reactie formulier CENSORED' $contactto -f $reply") || &printerror;

This is all the same 1200-line file (a CGI script). In this script,
  • no value is escaped anywhere
  • no DBI placeholders are used
  • every SELECT is SELECT *
  • every fetch is @row = $sth->fetchrow_array
  • dates are stored in a TEXT column in dd/mm/yyyy (or dd-mm-yyyy) format
  • ... or even in three different TEXT columns
  • lexicals are used for only a third of all variables
  • the DBI->connect(...) is repeated everywhere
  • virtually no error checking is done and it is usually even explicitly disabled (RaiseError => 0)
  • half of all code is HTML
  • there are lots of if (!$foo || $foo eq "") { $foo = "..." }
  • everything is hard coded (don't let %MYSQL fool you: that too is hard coded)
  • both Dutch and English are used, sometimes even in one place: "day", "maand", "jaar" (database columns), "newsoverzicht"
  • there is a banner of the proud author:
    #-----------------------------------------------#
    #                  Site Script                  #
    #                                               #
    #             Designed for CENSORED             #
    #       by CENSORED CENSORED CENSORED           #
    #                                               #
    #-----------------------------------------------#
Gotta love fixing broken features in this code. It is dangerously insecure, and there's no money available to replace it, and making it secure without replacing it entirely is exactly as much work.

Juerd # { site => '', plp_site => '', do_not_use => 'spamtrap' }
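
The mail pipe quoted in the post puts the `email` form parameter straight into a shell command line. As an added example (not part of the post or of the script it quotes), this is one hardened form of that call: an allow-list check on the address plus a list-form pipe open that never starts a shell. The names `valid_email`, `mail_argv` and `send_form`, the example.org addresses and the fallback address are assumptions; the argument order is copied from the quoted command.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allow-list check: first character alphanumeric (so the value can never be
# parsed as a command-line option), no whitespace or shell metacharacters,
# \z instead of $ so a trailing newline is rejected too.
sub valid_email {
    my ($addr) = @_;
    return 0 unless defined $addr && length $addr <= 254;
    return $addr =~ /\A[A-Za-z0-9][A-Za-z0-9._%+-]*\@[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/ ? 1 : 0;
}

# Build the argument vector; argument order is copied from the page's command.
sub mail_argv {
    my ($to, $reply) = @_;
    die "invalid recipient\n" unless valid_email($to);
    # Placeholder fallback address (assumption), used when the input is empty or invalid.
    $reply = 'mailer-daemon@example.invalid' unless valid_email($reply);
    return ('mail', '-s', 'Reactie formulier CENSORED', $to, '-f', $reply);
}

# List-form pipe open: Perl exec()s mail directly, no /bin/sh is involved,
# so each element reaches the program as exactly one argument.
sub send_form {
    my ($to, $reply, $body) = @_;
    my @argv = mail_argv($to, $reply);
    open(my $mail, '|-', @argv) or die "cannot start mail: $!\n";
    print {$mail} $body;
    close($mail) or die "mail exited with status $?\n";
    return 1;
}

# Constructed inputs; the demo only validates and prints argv, it sends nothing.
for my $email ('visitor@example.org', 'visitor@example.org; echo injected',
               '-f@example.org', "visitor\@example.org\n") {
    (my $shown = $email) =~ s/\n/\\n/g;
    printf "%-40s %s\n", "'$shown'", valid_email($email) ? 'accepted' : 'rejected';
}
print join(' | ', mail_argv('webmaster@example.org', 'visitor@example.org')), "\n";
```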
