|
bobthecheese posted:I... I give up. Seriously, gently caress. I'm out.
|
#
?
Oct 3, 2012 03:31
|
|
|
|
| # ? May 27, 2024 09:15 |
|
|
Freakus posted:Is "ConnectToDatabase" really used to execute a query? Connect-query-disconnect is not uncommon among clueless newbies.
|
|
#
?
Oct 3, 2012 05:46
|
|
|
If connect->query->disconnect is not good, then what's the proper way to do it? Connect->run all queries needed->disconnect?
|
|
#
?
Oct 3, 2012 06:13
|
|
|
McGlockenshire posted:Connect-query-disconnect is not uncommon among clueless newbies. It's actually not that bad, thankfully (it may have been at some point in the past). It's a wrapper around mysql_query with some basic error handling, analytics, etc. In general, with PHP, the process is: Connect -> run all your queries -> forget about it because PHP will disconnect automatically
|
|
#
?
Oct 3, 2012 06:27
|
|
|
Quote-Unquote posted:PHP has a lot of silly poo poo but strtotime is the most awesome solution I've seen for dealing with dates.
|
|
#
?
Oct 3, 2012 06:29
|
|
|
The formats understood by strtotime are very well-defined. As long as you're not throwing pathologically poorly formed input at it, it works pretty darn well. Letting users type "+8 weekdays" in a date field and have it just work is pretty nifty.
|
|
#
?
Oct 3, 2012 06:41
|
|
|
Honestly, having a built-in library routine to turn a user-defined string into a date is a good thing, because it gives you consistency across applications instead of everyone developing their own, subtly different version. Whether the PHP implementation is good or not, I have no clue. But the idea is good.
|
|
#
?
Oct 3, 2012 07:30
|
|
|
McGlockenshire posted:The formats understood by strtotime are very well-defined. As long as you're not throwing pathologically poorly formed input at it, it works pretty darn well. Here's the problem: http://en.wikipedia.org/wiki/Date_format_by_country
|
|
#
?
Oct 3, 2012 08:06
|
|
-S- posted:A new(er) developer that read the analyst's (me) requirements and carried them out in code to a T? I've seen junior devs do things like that quite a bit. Maybe we just recruit terrible junior devs. So, you would write requirements that say, "Fetch all rows, then, if there are more than 500, go back and fetch the first 500, again," instead of, "Only fetch the first 500 rows?" Or, am I missing some obvious case where the requirements might look as if they called for such behavior?
|
|
|
#
?
Oct 3, 2012 08:48
|
|
|
I could see requirements written as "display rows from this table; if there are more than 500 rows, only display the first 500".
|
|
#
?
Oct 3, 2012 09:07
|
|
|
Aleksei Vasiliev posted:What? From looking at it I'm pretty sure it's an awful solution. What makes you say that? The only real problems I've ever found (as mentioned above) are when you've got varying date formats, like using '/' instead of '-' makes PHP think you're dealing with a different international date format, etc. So long as you're aware of that it can be incredibly useful, especially for incrementing dates and times without having to worry about DST and leap years etc. It can parse silly poo poo like "third wednesday march 2013 noon" correctly.
|
|
#
?
Oct 3, 2012 10:00
|
|
|
09.10.11 Is that 9th of October 2011, 10th of September 2011, 11th of October 2009, or 10 minutes and 11 seconds past 9 am (or pm)?
|
|
#
?
Oct 3, 2012 10:47
|
|
|
nielsm posted:09.10.11 Point taken. What's a better way of dealing with dates from multiple date format zones then?
|
|
#
?
Oct 3, 2012 11:11
|
|
|
ISO 8601?
|
|
#
?
Oct 3, 2012 11:13
|
|
|
Quote-Unquote posted:Point taken. What's a better way of dealing with dates from multiple date format zones then? Time strings (and numbers and other things) are meaningless without locale/culture context. Always make sure to parse according to format your UI user is expecting. This is probably the biggest source of fuckups in software localization.
|
|
#
?
Oct 3, 2012 11:21
|
|
|
omeg posted:Time strings (and numbers and other things) are meaningless without locale/culture context. Always make sure to parse according to format your UI user is expecting. Any time I have any user input on a date or time it won't just be a string, rather separate boxes for day, month, year etc. Then anything I need to do in PHP will put these back together in ISO 8601 format. strtotime becomes incredibly useful when I need to do anything with that user input, like add or subtract a particular unit of time. But I'm assuming now that DST will be a problem because strtotime will take into account DST changes in the local timezone and not necessarily the user's timezone. Whoops. I guess I need to establish what the user's timezone and take that into account.
|
|
#
?
Oct 3, 2012 11:32
|
|
|
Jabor posted:I could see requirements written as "display rows from this table; if there are more than 500 rows, only display the first 500". Pretty much this. Requirements have to be able to be understood by, in some cases, completely clueless clients, and so sometimes they are worded in a suboptimal way.
|
|
#
?
Oct 3, 2012 13:16
|
|
|
nielsm posted:09.10.11 This is not a complaint against strtotime, there's no automated system that can properly parse this. At some point you'll have to enforce a date format.
|
|
#
?
Oct 3, 2012 14:20
|
|
|
omeg posted:Time strings (and numbers and other things) are meaningless without locale/culture context. Always make sure to parse according to format your UI user is expecting. This, a million times this. I've worked on a fairly large code base where date "parsing" was done by splitting up strings and then using switch statements to detect the 3 letter month name. With every language that didn't use the "standard" abbreviations being handled as a special case. That is, if there was a clash between an abbreviation in two languages the body of the case picked it up with an if statement. This was in C#, a language with superb localisation facilities.
|
|
#
?
Oct 3, 2012 17:25
|
|
|
Our move to Zend has improved our code significantly.php:<?
if(isset($_POST['username']) && $_POST['password']) {
$username = $_POST['username'];
$password = $_POST['password'];
//run the query
$userQuery = $this->_db->query("SELECT * FROM users WHERE user = '".$username."' AND password = '".$password."'");?> The person in charge of the rewrite still has no idea what he's doing. I don't know Zend at all either (it is on my list of things to learn), but even I know that Zend has prepared queries and table objects built-in.
|
|
#
?
Oct 3, 2012 17:50
|
|
|
The worst thing there isn't any of the code, it's the fact that there doesn't seem to be any kind of encrypting of the password that is truly the coding horror.
|
|
#
?
Oct 3, 2012 18:04
|
|
|
Strong Sauce posted:The worst thing there isn't any of the code, it's the fact that there doesn't seem to be any kind of encrypting of the password that is truly the coding horror. I think the code is pretty bad for presenting a gaping injection vulnerability.
|
|
#
?
Oct 3, 2012 18:07
|
|
|
Hammerite posted:I think the code is pretty bad for presenting a gaping injection vulnerability. ' OR 1=1; -- Everyone's favourite password.
|
|
#
?
Oct 3, 2012 18:10
|
|
|
Yes. No encryption (strike 1), no escaping (strike 2), and not even using Zend's basic database class for a prepared query (strike 3). We had three different areas to our (pre-Zend) site, and they all take different logins. One's stored in plaintext, one's just a basic MD5 hash, and one accepts either plaintext or a sha256-with-salt hash (that is, of course, repeated in every file instead of being defined in a function). This was supposed to be the part where we made the code into something not a horror, but it looks like he's just pasting code from the old poo poo into a controller in Zend and calling it done.  Zombywuf posted:' OR 1=1; -- You can squeeze that down to just ' OR 1; -- if you want to shave off two bytes or so. 
|
|
#
?
Oct 3, 2012 18:41
|
|
|
Hammerite posted:I think the code is pretty bad for presenting a gaping injection vulnerability. Surely the best part of it all has to be the comment.
|
|
#
?
Oct 3, 2012 18:46
|
|
|
Huh. I just got a look at our Java code, all of the variables have names like hm (for a hashmap) or rs (for a result set). This is going to be fun.
|
|
#
?
Oct 3, 2012 21:29
|
|
|
Zamujasa posted:
It's like the guy thinks once you call isset it applies to everything else in the if statement.
|
|
#
?
Oct 4, 2012 00:24
|
|
|
McGlockenshire posted:Connect-query-disconnect is not uncommon among clueless newbies. There was a good one on stackoverflow today: create stored procedure-execute-delete and repeat. This one has to be a winner of something, Patrick posted:I have one huge C file. Within the file, there is a giant struct (~>1million lines). MrMoo fucked around with this message at 02:44 on Oct 4, 2012 |
|
#
?
Oct 4, 2012 02:35
|
|
|
Optimus Prime Ribs posted:It's like the guy thinks once you call isset it applies to everything else in the if statement. Haha, I didn't even notice that. I've started using a helper function to get around that crap: php:<?
function ret(&$val) {
return (isset($val)) ? $val : null;
}
?>(isset() still has its uses, however.)
|
|
#
?
Oct 4, 2012 03:59
|
|
|
PHP code:
|
|
#
?
Oct 4, 2012 07:37
|
|
|
Let's try something different. Anybody know this one? JavaScript trivia: in ES5.1 (so no cheating with let), what's the one place that has proper lexical block scoping?
|
|
#
?
Oct 4, 2012 07:55
|
|
|
Wheany posted:$key and $key2 are never used, $value and $value2 are reused multiple times. $value2 is reused once. I don't see how $value is reused?
|
|
#
?
Oct 4, 2012 07:56
|
|
|
Suspicious Dish posted:$value2 is reused once. I don't see how $value is reused? Well, that was just a snippet typed from memory for illustration. The actual code has multiple foreach ($someArray as $key => $value) blocks. "$key => $value" and "$key2 => $value2" are in our code verbatim. What bothers me is that the code is so obviously copy-pasted from php examples.
|
|
#
?
Oct 4, 2012 08:07
|
|
|
Yeah it looks to me a lot like "this is the only way I know of to loop through stuff".
|
|
#
?
Oct 4, 2012 08:13
|
|
|
Wheany posted:
ignoring the other issues, I don't think it's a big deal to iterate over an associative array like that even if the keys will never be used in the loop body. better to make it obvious to later maintainers that the array is associative than to go for the most brevity, IMO
|
|
#
?
Oct 4, 2012 08:17
|
|
|
Deus Rex posted:ignoring the other issues, I don't think it's a big deal to iterate over an associative array like that even if the keys will never be used in the loop body. better to make it obvious to later maintainers that the array is associative than to go for the most brevity, IMO I'm not even sure if the arrays are used in an associative manner in this case.
|
|
#
?
Oct 4, 2012 08:32
|
|
|
Suspicious Dish posted:Let's try something different. Anybody know this one?
|
|
#
?
Oct 4, 2012 09:32
|
|
|
Deus Rex posted:ignoring the other issues, I don't think it's a big deal to iterate over an associative array like that even if the keys will never be used in the loop body. better to make it obvious to later maintainers that the array is associative than to go for the most brevity, IMO Aren't PHP "arrays" always associative?
|
|
#
?
Oct 4, 2012 10:17
|
|
|
LOOK I AM A TURTLE posted:Aren't PHP "arrays" always associative? yes, that's true — I guess what I meant by associative was 'arrays with keys which are non-consecutive, and possibly non-integer starting from something other than 0'
|
|
#
?
Oct 4, 2012 10:28
|
|
|
|
| # ? May 27, 2024 09:15 |
|
|
LOOK I AM A TURTLE posted:Aren't PHP "arrays" always associative? Yeah PHP arrays kind of roll both lists and dictionaries into one unsatisfying data structure. Technically all PHP arrays are associative no matter what but like Deus Rex says, sometimes arrays occur with 0, 1, ..., n as the keys and sometimes they are "true" associative arrays.
|
|
#
?
Oct 4, 2012 10:52
|
|