Programming Nightmares: Get a laugh outta this!


I’m not sure why some programmers think it’s appropriate to run all of their code together on one line instead of making it more readable. IfIwrotelikethatinregulartextitwouldmakeyougoalittlebitcrazytryingtofigureoutwhatiwassaying! So please, if you value sanity tell me why?? Why make reading code any harder than it has to be?

Here are some funny things I’ve run into lately… you can put these on your programming “DO NOT” list. And yes, sadly enough, these are real examples of things I’ve run across although I wish I could tell you differently.

<td colspan=1>

Um, um, a column in a table inherently has a colspan of one….

'this is a -1, Y, or N
if request.Form("txtPayment") <> "" AND request.Form("txtPayment") <> "-1"

Talk about a good way to hack a script, let’s just change our variable’s data type from a character to an integer and back again! Hooray!

<script type="text/javascript">alert("<%= strSQL %>")</script>

Let’s alert the SQL to the user right before we execute it. You know…you show me yours and I’ll show you mine. Somehow I have a feeling I’ll get the short end of the stick here.

if not not not blnOk then

Double and triple negatives are pretty pointless when just one (or none) will do the trick.

var test, cur, i, ythingy,xthingy,lzr,q1,q2,q3,meany,yam

Descriptive variable names are not meant to make your fingers sore because they take longer to type out.

</form> <!--form goes to here so it doesn't gets the below button -->
 <tr>
 <td colspan="2" align="left"><a href="chapter.asp?action=file&chapter=<%= strChapterCode %>">Create Reports/Export File</a></td>
 <td colspan="1">&nbsp;</td> <!-- spaceholder -->
 <td colspan="5" align="right"><!--<input type="submit" value="Remove Checked Members" />--><button name="OpenNewWindowButton" id="OpenNewWindowButton" onClick="JavaTransmitData()" style="display:none">Remove Checked Members</button></td>
 </tr>

Let’s have fun commenting out submit buttons with HTML comments yet leave the functionality of that submit button on the page. Oh, oh, but it’ll all be okay if you move the </form> tag up! WRONG! It’s really easy to re-create your own version of the form and submit it to the same URL, thus using the functionality you so cleverly commented out with HTML comments. Kudos to you for taking the initiative to REMOVE the code that would allow someone to REMOVE DATA from your database.

...hundreds of lines of code above here %>
 <!-- auto-redirect -->
 <script type="text/javascript">
 location.href="chapter.asp?action=<%= ACTION_MEMBERS %>&CHAPTER=<%= strChapterCode %>&msg=<%= strMessage %>"
 </script>
 <% ..hundreds of lines of code under here

Let’s write a whole page of code in a server-side programming language and then plop a JavaScript redirect in the middle instead of using the language’s built-in redirect functionality…

'the TRIM and quote replace is not neccessary on all these really but oh well

This comment was then followed by 38 fields being passed to a stored procedure with trim() and replace() around them like this: trim(replace(field_name_here)). I think this one gets big points for “Let’s write comments which admit we were too lazy to remove unnecessary functionality.” And we wonder why users complain about the software’s slow performance.

"select * from personal_info where id like '" & form.request("memberid") & "'

Talk about a serious security problem. Let’s see… do I want all the information from the member with an ID higher or lower than mine? Oh wait… I’m smart enough not to have an account on this software, so sorry, you’re not going to be able to find my address, name or telephone number; however, you can sure find someone else’s.
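The query above next to a hardened lookup, as an added example that is not code from the original application: it uses Python with an in-memory SQLite database in place of the page's classic ASP. The table columns, the sample rows, the digits-only id format and the `session_member_id` argument (the logged-in member's own id) are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data standing in for the page's personal_info table.
ROWS = [
    ("1001", "Alice Example", "555-0100"),
    ("1002", "Bob Example", "555-0101"),
    ("1003", "Carol Example", "555-0102"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE personal_info (id TEXT PRIMARY KEY, name TEXT, phone TEXT)")
    db.executemany("INSERT INTO personal_info VALUES (?, ?, ?)", ROWS)
    return db


def lookup_concatenated(db, member_id):
    """The page's pattern: request value pasted into the SQL text, matched with LIKE."""
    sql = "select * from personal_info where id like '" + member_id + "'"
    return db.execute(sql).fetchall()


def lookup_hardened(db, member_id, session_member_id):
    """Validate the id, confirm it is the caller's own, bind it, compare with '='."""
    if not (member_id.isascii() and member_id.isdigit()):  # assumed format: digits only
        raise ValueError("malformed member id")
    if member_id != session_member_id:  # authorization: a member reads only their own row
        raise PermissionError("not your record")
    sql = "SELECT id, name, phone FROM personal_info WHERE id = ?"
    return db.execute(sql, (member_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(len(lookup_concatenated(db, "1001")))  # ordinary request: one row
    print(len(lookup_concatenated(db, "%")))     # LIKE wildcard: every member's row
    print(lookup_hardened(db, "1001", "1001"))   # caller's own record
    for other in ("%", "1002"):                  # wildcard, then someone else's id
        try:
            lookup_hardened(db, other, "1001")
        except (ValueError, PermissionError) as exc:
            print("rejected:", type(exc).__name__)
```

Binding the parameter closes the injection, but only the ownership check stops a member from simply asking for a neighbouring id.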
