Found in an application built circa 2001 (I’ve replaced the descriptive variable names with $xxx):
$xxx = $this->htmlToText('<span>' . $xxx->get_lead_title() . '</span>');
So… first we wrap something in <span> tags, and then we convert the HTML to text?
Awesome.
This is unnerving:
[bobbojones@desktop app]$ grep -R mysql_real_ * | wc -l 20[bobbojones@desktop app]$ find . | xargs wc -l | tail -n 1 19199 total
In nearly 20,000 lines of code, the function mysql_real_escape_string() is called only 20 times. I estimate, very conservatively, that there are over 300 distinct queries in that code base.
I’m really hoping someone thought they’d be cute and wrap mysql_real_escape_string() inside some other function.
An e-mail draft was sitting on my computer when I got to my office this morning. It’s obviously something I started on Friday and never finished. This happens occasionally. The message read, in its entirety:
I want to run three areas for potential improvement by you
It did not have a subject or a “to” address. I hadn’t even added punctuation to the end of the sentence.
So, at the end of the day on Friday I had devised three brilliant ways to improve some application — that’s the only reason I would write such a thing — but I now have absolutely no idea what they were, which application it was, who would need to know about them, or even if there’s still time to implement them. I also know that I could not pursue this unilaterally, since I was about to ask someone else.
Discard.
Blërg.
Following are messages one does not want to see when reviewing the error logs from an applications:
Maximum buffer size exceeded
Uhh… maybe it’s just a really tiny buffer size?
A colleague just shared this gem with me:
Starting with two premises — that all software contains bugs and that all software can be built with fewer lines of code — one can inductively prove that all programs can be reduced to a single line of code that doesn’t work.
From my own code:
$application_id = 4; // Always 5 for this application
(It’s possible it’s supposed to be three.)
Found in an old application (circa 2002):
exit; /* just in case.*/ return false;
In case of what? Are we not trusting the exit statement anymore?
This reminds me of a West Wing scene from the episode Swiss Diplomacy:
Bartlet: This meeting doesn’t go in the Sit Room anymore, okay? I don’t know why the hell it’s here. This isn’t a military operation.
Leo: It’s a secure room.
Bartlet: My office is a secure room, too, isn’t it? Please, somebody tell me it is, or I gotta go pack some stuff. You see my point?
If exit doesn’t work, I gotta go pack some stuff.
In April, I wondered why a simple COUNT(1) query took 30 seconds. Now I know it could be a lot worse:
[bobbojones@test (none)] > SELECT COUNT(1) FROM r2; +----------+ | COUNT(1) | +----------+ | 0 | +----------+ 1 row in set (59.76 sec)
It just took nearly a minute to determine that the table is empty.
That’ll do, MySQL. That’ll do.
Lawyers famously say, “Never ask a question unless you already know the answer.”
I’m supplementing a third-party application we recently installed that administers quizzes online. It’s nothing revolutionary – students take a quiz, and it’s graded automatically. I just need to generate a new report that includes the already-calculated quiz grades, so I’m studying the database.
I started with the table results_answers which lists students’ individual answers, and includes a column called result_answer_iscorrect. Excellent! This must show a 1 if the answer is correct, or a 0 if it’s not. Let’s just ask the database to make sure:
[bobbojones@production xxx] > SELECT result_answer_iscorrect, COUNT(1)
FROM results_answers
GROUP BY result_answer_iscorrect;
+-------------------------+----------+
| result_answer_iscorrect | count(1) |
+-------------------------+----------+
| 0 | 425 |
| 2 | 18986 |
| 3 | 5259 |
+-------------------------+----------+
3 rows in set (0.15 sec)
Blërg! (There aren’t any ones, but there are twos and threes.)
I knew I shouldn’t have asked the question.
Although our entire development staff (including me) thinks it’s utterly stupid, I had to use the Zend Encoder.
[bobbojones@malahide pubph]$ zendenc pubph.php pubph.enc.php
root privileges are required in order to preserve ownerships of encoded files
That’s strange. I own the original file, and I’m running the executable. Shouldn’t I just naturally own its output files? I’ll just play along for fun.
[bobbojones@malahide pubph]$ sudo zendenc pubph.php pubph.enc.php
Cannot stat pubph.php: Permission denied
Wait, what do you mean, “Permission denied?” I said sudo! You know, sudo? As in, “Superuser access that authorizes me to do absolutely anything I want on this machine up to and including destroying its entire contents, your stupid executable included?” Sudo? Sound familiar? Even a little? No?
Blërg.
(As it turns out, the first one worked just fine. The “root privileges are required” reprimand is apparently only a warning, and just I didn’t happen to check the output immediately. Still, I feel as if my authority as a sudoer has been undermined.)
