Worst Piece of Code in the World
-
I found this small nugget of code buried in a sea of obscurity. I was speechless and could not figure out why someone would ever write such a piece of nonsense. What's worse :omg: is this is currently running live.
###########################
string text1 = string.Concat(new object[] { "INSERT INTO Policy \r\n\t\t\t\t(\r\n\t\t\t\t\tProductID, \r\n\t\t\t\t\tschemeGroupID, \r\n\t\t\t\t\tCreatedBy\r\n\t\t\t\t) \r\n\t\t\t\tVALUES \r\n\t\t\t\t(\r\n\t\t\t\t\t", num1, ", \r\n\t\t\t\t\t", this.QuoteSelected.SchemeGroupID, ", \r\n\t\t\t\t\t'", this.CreatedBy, "'\r\n\t\t\t\t);\r\n\t\t\t\tSELECT @@IDENTITY;" });
text1 = text1.Replace("\n", "");
text1 = text1.Replace("\t", "");
text1 = text1.Replace("\r", "");
SqlConnection connection1 = new SqlConnection(Config.ConnectionString);
SqlCommand command1 = new SqlCommand(text1, connection1);
###########################
Look where you want to go not where you don't want to crash. Bikers Bible
-
:wtf: HOLY .... *must use powers ...no swearing ....kid sister rule aaaahhhh..... (edit) Looked at it again X| my eyes are burning with fury of seven suns aarrgghhh.... (/edit)
I can only please one person a day... today is not your day
Last modified: Monday, August 21, 2006 7:46:37 AM --
-
Just to get this round my head, the WTFs are:
* there are a bunch of string literals that contain lots of newline, line feed and tab characters in escaped form that would have been eventually sent to a SQL parser which will just ignore them.
* The tab, line feed and carriage return values are stripped out of the fully concatenated string. (Which begs the question: Why put them in there in the first place?)
* The SQL String has values injected into it.
* The items are placed inside an object array before being concatenated, this is redundant as the params modifier is used in the method signature so creating an object array is a waste of time.
* The variables do not have reasonable names. text1, connection1, command1 are not suitable names.
* The SQL uses SELECT @@IDENTITY which is not thread safe and may return the identity value of a completely different table if two or more INSERTs are being processed by SQL Server at the same time. SCOPE_IDENTITY() would be a better alternative.
Have I missed anything? All I can say is that I'm glad I'm not maintaining that code. And, if I ever come into the office one morning and look at the code I wrote the night before and think to myself "What was I doing?" I can just remember the code here and be glad that even while coding drunk I have never produced anything that bad.
-- modified at 10:07 Monday 21st August, 2006 -- modified at 10:10 Monday 21st August, 2006
Upcoming Scottish Developers events: * UK Security Evangelists On Tour (2nd November, Edinburgh) * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
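The parameterised form of the insert that the points above about injected values and SELECT @@IDENTITY lead to, as an added example that is not code from the thread. It assumes integer ID columns and an NVARCHAR(50) CreatedBy column; the names PolicyWriter, BuildConcatenatedSql and InsertPolicy are hypothetical.

```csharp
// Added example, not code from the thread. Assumptions: ProductID and
// schemeGroupID are int columns, CreatedBy is NVARCHAR(50); the class and
// method names are hypothetical.
using System;
using System.Data;
using System.Data.SqlClient;

public static class PolicyWriter
{
    // The posted pattern reduced to its essentials: values are spliced into
    // the SQL text, so CreatedBy is parsed as part of the statement.
    public static string BuildConcatenatedSql(int productId, int schemeGroupId, string createdBy)
    {
        return string.Concat(
            "INSERT INTO Policy (ProductID, schemeGroupID, CreatedBy) VALUES (",
            productId, ", ", schemeGroupId, ", '", createdBy, "'); SELECT @@IDENTITY;");
    }

    // The statement text is a constant; every value travels as a typed
    // parameter. SCOPE_IDENTITY() returns the identity generated in this scope.
    private const string InsertSql =
        "INSERT INTO Policy (ProductID, schemeGroupID, CreatedBy) " +
        "VALUES (@ProductID, @SchemeGroupID, @CreatedBy); " +
        "SELECT CAST(SCOPE_IDENTITY() AS int);";

    public static int InsertPolicy(string connectionString, int productId,
                                   int schemeGroupId, string createdBy)
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand(InsertSql, connection))
        {
            command.Parameters.Add("@ProductID", SqlDbType.Int).Value = productId;
            command.Parameters.Add("@SchemeGroupID", SqlDbType.Int).Value = schemeGroupId;
            // Size 50 is an assumption; it has to match the real column, because
            // a longer value is truncated to the declared parameter size.
            command.Parameters.Add("@CreatedBy", SqlDbType.NVarChar, 50).Value =
                (object)createdBy ?? DBNull.Value;

            connection.Open();
            object newId = command.ExecuteScalar();
            if (newId == null || newId == DBNull.Value)
            {
                throw new InvalidOperationException("INSERT did not generate an identity value.");
            }
            return (int)newId;
        }
    }

    public static void Main()
    {
        // Constructed sample value: an ordinary surname with an apostrophe.
        // In the concatenated text the string literal closes after O and the
        // remainder of the name is handed to the SQL parser as statement text.
        Console.WriteLine(BuildConcatenatedSql(1, 2, "O'Brien"));

        // InsertPolicy(connectionString, 1, 2, "O'Brien") stores the same value
        // intact. It needs a reachable SQL Server, so it is not called here.
    }
}
```

With the parameterised form, the escaped whitespace and the three Replace calls have nothing left to do, since the statement text never changes at run time.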
-
Come on! Haven’t you ever pounded out code while drinking heavily? :laugh: Well, maybe some hallucinogenic drugs were involved, too.
Not while someone else was paying for my code. -- modified at 9:18 Monday 21st August, 2006
Look where you want to go not where you don't want to crash. Bikers Bible
-
typical pre-release fix. Not that I'd ever do such a thing!
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
-
I bet there was some more code between
string text1 = string.Concat(new object[] { "INSERT INTO (...) ENTITY;" });
and
text1 = text1.Replace("\n", "");
This looks like it was formatted for some debugging output. Anyway, it is ugly. Do you have source control so you can force the culprit to write 200 pages of documentation? (could not think of any better punishment at the moment)...
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus
-
I believe the culprit has been deleted.
Look where you want to go not where you don't want to crash. Bikers Bible
-
Not even close. If I had some snippets from when I was a TA in Java your eyes would leap from your skulls and run to the nearest pit of lava.
On two occasions I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question. - Charles Babbage
-
Colin Angus Mackay wrote:
* there are a bunch of string literals that contain lots of newline, line feed and tab characters in escaped form that will eventually be sent to a SQL parser which will just ignore them.
It replaces those with empty strings. I can only presume this was generated with some sort of SQL generator, and the original developer wasn't capable of manually removing all the escape chars himself :~
-- Help me! I'm turning into a grapefruit! Buzzwords!
-
benjymous wrote:
Colin Angus Mackay wrote: * there are a bunch of string literals that contain lots of newline, line feed and tab characters in escaped form that will eventually be sent to a SQL parser which will just ignore them. It replaces those with empty strings.
Ah... I've replaced it with the subjunctive. It makes more sense now.
Upcoming Scottish Developers events: * UK Security Evangelists On Tour (2nd November, Edinburgh) * Developer Day Scotland: are you interested in speaking or attending? My: Website | Blog
-
That looks icky all right. But I have seen worse. Much worse. Ever had to maintain C code that was converted from really really old fortran? Space padded fixed length strings to null terminated strings - fun! Generated code is so pretty. Not. :) - Phil
-
Hmmm at first glance it's madness, but at second glance perhaps they were debugging or something and looking at it in a debugger ....ahh forget it, no excuse. Probably copied out of a visual designer of some kind.
Hi! Yes I agree with your assumptions, I bet the programmer copied the string from a sql editor and used a utility akin to the StringBuilder add-in to produce a formatted string from the clipboard contents... :~ Anyways, I really wouldn't like to be the one maintaining such code! ;P
An interesting form of object-oriented programming: You suggest a novel approach, and watch as the rest of your team objects!
-
A few years ago I had the pleasure X| to read a legacy Cobol source code; after many, many pages of interesting code :zzz: :zzz: :zzz: I found this masterpiece:
IF PIPPO = 8 OR PIPPO = 8 PERFORM R-A.
Looks like it is more obscure and clearer than your SQL code, at the same time! Of course the programmer who wrote this was not in the firm anymore (I'm not sure he was even in this life anymore): after a short briefing we decided the programmer was an insecure guy and wanted to be REALLY sure the variable equalled 8 (of course this code had been in production for several years when I read it). It's been my first experience with fuzzy logic. A few pages later I found another masterpiece:
IF X = ZERO PERFORM R-CALC
ELSE IF X = 1 PERFORM R-CALC
ELSE IF X = 2 PERFORM R-CALC
ELSE IF X = 3 PERFORM R-CALC
...
ELSE IF X = 50 PERFORM R-CALC
ENDIF.
Variable X could assume only values from 1 (default) to 50, but code tested for value ZERO, and in any case, tested each value and for each value performed routine R-CALC. I thought the programmer was paid by lines of code, but I don't understand why she/he didn't write fifty identical routines R-CALC00, R-CALC01... R-CALC50 to call: I hope she/he had been fired before having the time to do this.
Marco Turrini
-
Uhm... guys... It's called to Obfuscate... taken from website: "converts the JavaScript source code into scrambled and completely unreadable form, preventing it from analysing and theft" www.javascipt-source.com Have no idea about the SQL injections.. Don't have any experience on obfuscating, but I'd expect the source before obfuscation used injection. Atli:)
-
Hmmm, If you replace the CR/LF/TAB as required you get
INSERT INTO Policy ( ProductID, schemeGroupID, CreatedBy ) VALUES ( ", num1, ", ", this.QuoteSelected.SchemeGroupID, ", '", this.CreatedBy, "' ); SELECT @@IDENTITY;"
which means it is just an unusual form of 'cut and paste' from a nicely formatted screen layout and applied in a creative way that I had not imagined before (and then compacted in code to make the string simpler for the parser to handle)! Sometimes the shorter way to do things actually takes longer in its final form.