Try to find something dumber if you can...

    Bernard Laplace wrote (#1):

    No comment...

    	If Request.QueryString("tsid") IsNot Nothing Then
    		Session("TSID") = sql.SQLValue("SELECT TSID FROM TimeRegHeader " & _
    		                               "WHERE TSID = " & Request.QueryString("tsid"))
    	End If
    
      zlezj wrote (#2), in reply to Bernard Laplace:

      Do you mean the SQL injection vulnerability, the fact that data is stored in the session object or that you don't like this kind of validation?

        David Skelly wrote (#3), in reply to zlezj:

        I think he means the fact that the code sets the value of TSID to the result of a query that selects the value of TSID where the value of TSID is equal to the value of tsid. Or something like that...

          Bernard Laplace wrote (#4), in reply to zlezj:

          All of what you said + the ad hoc SQL + (cherry on the cake) the fact that it stores in a session variable a TSID value from the database queried from a table where TSID is equal to the TSID from the query string (and no, it wasn't designed to validate the existence of the TSID in the database, since nothing handles the fact that the returned TSID could be null)...

            Super Lloyd wrote (#5), in reply to Bernard Laplace:

            I think a web service query would have been even better! :rolleyes:

            A train station is where the train stops. A bus station is where the bus stops. On my desk, I have a work station.... _________________________________________________________ My programs never have bugs, they just develop random features.

              Edbert P wrote (#6), in reply to Bernard Laplace:

              I supported an ASP classic application written by someone in almost the exact same way. Might it possibly be written by the same person idiot?

              "A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine." - Thomas Jefferson "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." - Benjamin Franklin Edbert Sydney, Australia

                Paw Jershauge wrote (#7), in reply to Edbert P:

                Come on.. not all people are as good and professional as you, Edbert X| X| , so to call him an idiot is going too far. Just my opinion. I know that the code is bad, but not so bad that I would attack the person who made it. It's just like reading this type of code:

                if(UserAllowed == true)
                {
                    User.Allowed = true;
                }
                else
                {
                    User.Allowed = false;
                }

                Where the code could easily be optimized to simply say: User.Allowed = UserAllowed;. I guess you never did start anywhere else but being a pro at developering. :)

                With great code, comes great complexity, so keep it simple stupid...:-\ :-\

                  supercat9 wrote (#8), in reply to Paw Jershauge:

                  "Where the code could easily be optimized to simply say: User.Allowed = UserAllowed;."

                  The question would be whether there would likely be any requirement to do something different in the true and false cases. Incidentally, on some processors, if the source operand is of type bit, the "var1 = var2;" statement may be implemented a number of different ways (for the following examples, the destination is also of type bit; each line is a possible implementation):

                  var1 = 0; if (var2) var1 = 1; /* 3 instructions; 3 cycles */
                  var1 = 1; if (!var2) var1 = 0; /* 3 instructions; 3 cycles */
                  if (!var2) var1 = 0; if (var2) var1 = 1; /* 4 instructions; 4 cycles */
                  if (var2) var1 = 1; if (!var2) var1 = 0; /* 4 instructions; 4 cycles */
                  if (var2) var1 = 1; else var1 = 0; /* 5 instructions; 4 or 5 cycles */
                  if (!var2) var1 = 0; else var1 = 1; /* 5 instructions; 4 or 5 cycles */

                  If var1 is volatile, the first two ways are clearly distinct from the rest. If var1 and var2 are both volatile, the third and fourth ways are also distinct from the fifth and sixth (if var1 starts out 1, and if var2 changes from 0 to 1 between the two 'if' tests, var1 could change twice as a result of the assignment). The fifth and sixth ways are almost identical to each other, except that each will be faster in one case than the other (though one would have to examine the compiled code to know which was faster in each case).

                    Edbert P wrote (#9), in reply to Paw Jershauge:

                    I reserve my judgment and give the title idiot sparingly and in this case the person is truly an idiot (and no, he's had 10+ years of dev experience). If you had seen the code he wrote you would agree too.

                    "A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine." - Thomas Jefferson "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." - Benjamin Franklin Edbert Sydney, Australia
