Koke’s

My English alter-ego

The daily WTF Greatest Hits II

Posted by Jorge Bernal April 13, 2006

This one is definitely winning my personal contest for the worst piece of code ever so far:

function saveform()
{
  var firstName = escapeSql(mainForm.elements.txtFirstName.value);
  var lastName = escapeSql(mainForm.elements.txtLastName.value);
  /* ... */
  var offerCode = escapeSql(mainForm.elements.txtOfferCode.value);

  var code =
  '  $cn = mssql_connect($DB_SERVER, $DB_USERNAME, $DB_PASSWORD)           ' +
  '          or die("ERROR: Cannot Connect to $DB_SERVER");                ' +
  '  $db = mssql_select_db($DB_NAME, $cn);                                 ' +
  '                                                                        ' +
  '  if (mssql_query("SELECT 1 FROM APPS WHERE SSN=\''+ssn+'\'", $cn)) ' +
  '  { $ins = false; }                                                     ' +
  '  else                                                                  ' +
  '  { $ins = true; }                                                      ' +
  '                                                                        ' +
  '  if ($ins) {                                                           ' +
  '    $sql = "INSERT INTO APPS (FIRSTNM, LASTNM, ..., OFFERCD) VALUES ("; ' +
  '    $sql+= "\''+firstName+'\',";                                        ' +
  '    $sql+= "\''+lastName+'\',";                                         ' +
  '    $sql+= "\''+offerCode+'\')";                                        ' +
  '                                                                        ' +
  '  /* ... */                                                             ' +
  '                                                                        ' +
  '  mssql_query($sql, $cn);                                               ' +
  '  mssql_close($cn);                                                     ';

  execPhp(code);
}

I wonder who’d kill who if someone saves the HTML code and changes $sql to DELETE FROM APPS.

Via Client-side PHP
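Added example, not from the original post or from The Daily WTF: the inverse of the design above, where the browser submits only field values and the server owns a constant, parameterized INSERT. The column names mirror the snippet; the length limits, the offer-code pattern and the @name placeholder style are assumptions.

```javascript
'use strict';

// Column name -> rule for the matching form field. Names mirror the snippet
// above; the length limits and the offer-code pattern are assumptions.
const FIELDS = {
  FIRSTNM: { from: 'firstName', max: 50 },
  LASTNM:  { from: 'lastName',  max: 50 },
  OFFERCD: { from: 'offerCode', max: 16, pattern: /^[A-Z0-9-]+$/ },
};

// Build the INSERT on the server from submitted *values* only.
// Returns { sql, params }: constant SQL text plus a separate parameter map,
// ready for any driver that supports named parameters.
function buildInsert(form) {
  const unknown = Object.keys(form).filter(
    (k) => !Object.values(FIELDS).some((f) => f.from === k));
  if (unknown.length) {
    // Anything that is not an expected field (e.g. a "code" or "sql" key)
    // is rejected rather than ignored, so tampering shows up in logs.
    throw new Error('unexpected field(s): ' + unknown.join(', '));
  }
  const params = {};
  for (const [column, rule] of Object.entries(FIELDS)) {
    const value = form[rule.from];
    if (typeof value !== 'string' || value.length === 0 || value.length > rule.max) {
      throw new Error('invalid ' + rule.from);
    }
    if (rule.pattern && !rule.pattern.test(value)) {
      throw new Error('invalid ' + rule.from);
    }
    params[column] = value;
  }
  const columns = Object.keys(FIELDS);
  const sql = 'INSERT INTO APPS (' + columns.join(', ') + ') VALUES (' +
    columns.map((c) => '@' + c).join(', ') + ')';
  return { sql, params };
}

// Constructed sample submission.
const ok = buildInsert({ firstName: 'Miles', lastName: "O'Brien", offerCode: 'SPRING-06' });
console.log(ok.sql);     // same text for every request
console.log(ok.params);  // the apostrophe travels as data, not as SQL
```

With this shape there is no escapeSql step to get wrong and nothing in the saved HTML that decides which statement runs.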


fixmefinder.rb

Posted by Jorge Bernal April 11, 2006

Here’s some code, in case anyone finds it interesting. I usually put FIXME comments in my code. Just as usually, I forget about them ;P

So here’s FixmeFinder, a Ruby class to find lines which contain the string “FIXME” in a bunch of files. Sounds silly, but if it’s useful to me, it may be for someone else.

I also use a rake task to find fixmes:

desc "Find FIXMEs in the code"
task :fixme do
  patterns = %w[
    lib/**/*.rb
    schema/**/*.sqlr
  ]
  FixmeFinder.new(patterns).find
end

It outputs something like:

$ rake fixme
schema/actions.sqlr:448: Check this type
schema/actions.sqlr:450: Check this type


Preteen killer acclaimed in Mexico

Posted by Jorge Bernal April 11, 2006

It’s in the news today in Spain. The new sensation in Mexico is a 9 year old bullfighter [Spanish].

Well, bullfighting is a well-established tradition in Spain and some American countries, but after all it’s still murdering. The UNESCO has stated that bullfighting is torturing and killing animals in public.

If the Rights of Child convention says:

Article 83

[…]

3. States Parties shall refrain from recruiting any person who has not attained the age of fifteen years
into their armed forces. In recruiting among those persons who have attained the age of fifteen years
but who have not attained the age of eighteen years, States Parties shall endeavour to give priority to
those who are oldest.

Why the hell is a 9 year old kid killing innocent bulls accepted and not prosecuted? OK, let’s say human lives are more valuable for us than bulls’ lives. But anyway, IIRC the point of this convention with respect to intervention of children in armed conflicts was not the fact of killing human beings, but the psychological consequences in the child caused by becoming a murderer at an early age. From this perspective, children should be protected from becoming killers, no matter if they kill a man, another kid, a bull or a cat.

By the way, I feel ashamed to live in a country where not only is it legal to kill animals, but people pay to watch and cheer it.


Nice article about geek health

Posted by Jorge Bernal April 05, 2006

It’s Health Problems Related to the Geek Lifestyle:

If I were to go and try to run a few miles this weekend, I would not be able to easily do so. My muscles are just out of shape from my lack of exercise over the last few months. However, if you take one of the these college basketball athletes, any of them would be able to run miles without even breathing heavy. However, if you made them sit down and try to learn Java for 12 hours a day, most of them would be asleep at their desk before lunch.

The typical geek trains their brain to be heavily focused while multitasking day after day. Is it surprising that this same brain does not do well when forced to isolate down to one task? Listening in a meeting is a very isolated, very passive event. Coding, developing, debugging — these are not passive at all. The geek brain is just not trained to sit quietly and listen.
