Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: The joys of bad code

by Juerd (Abbot)
on Oct 27, 2004 at 16:18 UTC ( #403082=note: print w/ replies, xml ) Need Help??


in reply to The joys of bad code

$q = param("q"); if (!$q || $q eq ""){$q = "home";} ... $rid = md5_hex(rand(999999999999999)); ... if ($q eq "dbsetup"){ ... $dbh = DBI->connect("DBI:mysql:$MYSQL{database}:$MYSQL{serv +er}:3306",$MYSQL{user}, $MYSQL{pass},{ RaiseError => 0, AutoCommit => + 1 }); ... $dbh->do("DROP TABLE users"); $dbh->do("CREATE TABLE users (sid TEXT, user TEXT, pass TEXT, +userlevel char(1))"); ... } ... sub getmonthname{ my($nr) = @_; #my%names; $names{1} = "januari"; $names{2} = "februari"; $names{3} = "maart"; $names{4} = "april"; $names{5} = "mei"; $names{6} = "juni"; $names{7} = "juli"; $names{8} = "augustus"; $names{9} = "september"; $names{10} = "oktober"; $names{11} = "november"; $names{12} = "december"; return $names{$nr}; } ... my$email = param("email"); if ($email){$reply = $email;}else{$reply = "mailer-deamon\@CENSORED.nl +"} open (SENDMAIL,"|mail -s 'Reactie formulier CENSORED' $contactto -f $r +eply") || &printerror;
This is all the same 1200 line index.pl (a CGI script). In this script,
  • no value is escaped anywhere
  • no DBI placeholders are used
  • every SELECT is SELECT *
  • every fetch is @row = $sth->fetchrow_array
  • dates are stored in a TEXT column in dd/mm/yyyy (or dd-mm-yyyy) format
  • ... or even in three different TEXT columns
  • lexicals are used for only a third of all variables
  • the DBI->connect(...) is repeated everywhere
  • virtually no error checking is done and it is usually even explicitly disabled (RaiseError => 0)
  • half of all code is HTML
  • there are lots of if (!$foo || $foo eq "") { $foo = "..." }
  • everything is hard coded (don't let %MYSQL fool you: that too is hard coded)
  • both Dutch and English are used, sometimes even in one place: "day", "maand", "jaar" (database columns), "newsoverzicht"
  • is a banner of the proud author:
    #-----------------------------------------------# # Site Script # # # # Designed for CENSORED # # by CENSORED CENSORED CENSORED # # # #-----------------------------------------------#
Gotta love fixing broken features in this code. It is dangerously insecure, and there's no money available te replace it, and making it secure without replacing it entirely is exactly as much work.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }


Comment on Re: The joys of bad code
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://403082]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (9)
As of 2014-12-28 10:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (180 votes), past polls