Harold's Home
Odd code
I'm currently reading someone else's PHP code and it's a disconcerting thing to read code without any comments whatsoever except for the occasional // insert into database here. This code isn't the most elegant around and shows some really weird things like using nl2br() before inserting into a database and then tediously converting <br /> back to newlines again for the update function.

In fact this reminds me a bit of some code I used to write when I first started with PHP, though I only used that on my own site and didn't use this in production or release.

One of the things I was asked to do was tighten up the security of this app, though I haven't found a really big flaw yet. The code seems ungainly and awkward (possibly also due to the extremely unhelpful variable names like $blaat, as in the sound a sheep makes; this is code that has to do with a newspage, nothing about cattle in here, move along) but it is secure as far as I can tell. I might still find some big gaping hole, as I still haven't figured out what a lot of the files are doing; there's a lot of cruft and dead experiments left behind.

Still: why would anyone write code to split the parameters out of a URL by hand to see what to do in certain circumstances? If you get a URL like http://www.example.com/index.php?delete=yes&id=12 it's pretty clear you could just grab the $delete and $id values from the $_GET superglobal like so:
$delete = $_GET['delete'];
$id = $_GET['id'];

Instead the person writing this used a complicated series of list(), split() and explode() calls.
Fifteen lines wasted, 20 minutes wasted trying to figure out what's happening where and why. Still, it's a fun puzzle and it'll be fun to throw it all out and start afresh if that's deemed the only way to salvage this site (and I suspect it might be).
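As an added example (not the site's code, nor the code being read above), here is how the two points from this post look when done the plain way: the delete and id parameters are read straight from the request array and validated, and newlines are stored as typed so nothing ever has to turn <br /> back into newlines for the update function. The news table, its columns, the in-memory SQLite database and the readParams/saveItem/renderItem/deleteItem names are assumptions made for the demo; it needs PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example, not the code from the site discussed in the post.
// Table and column names below are assumptions made for the demo.

/** Read and validate the id/delete parameters from a $_GET-style array. */
function readParams(array $get): array
{
    // Reject anything that is not a positive integer; "12abc" and "" both fail.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    // Only the literal "yes" means delete; anything else means "no".
    $delete = (($get['delete'] ?? '') === 'yes');
    return ['id' => $id === false ? null : $id, 'delete' => $delete];
}

/** Store the body exactly as typed: no nl2br() on the way in. */
function saveItem(PDO $pdo, int $id, string $body): void
{
    $stmt = $pdo->prepare('INSERT OR REPLACE INTO news (id, body) VALUES (:id, :body)');
    $stmt->execute([':id' => $id, ':body' => $body]);
}

/** Escape and apply nl2br() only when rendering; the stored text stays editable as-is. */
function renderItem(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return null;
    }
    return nl2br(htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
}

/** Delete one item; the id is already an int, so it is bound, never concatenated. */
function deleteItem(PDO $pdo, int $id): int
{
    $stmt = $pdo->prepare('DELETE FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Demo with a constructed in-memory SQLite database and constructed query strings.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Raw newlines go into the database; the editor gets them back unchanged.
saveItem($pdo, 12, "first line\nsecond line");
echo renderItem($pdo, 12), "\n";

// Constructed request: ?delete=yes&id=12
$params = readParams(['delete' => 'yes', 'id' => '12']);
if ($params['id'] !== null && $params['delete']) {
    echo "deleted ", deleteItem($pdo, $params['id']), " row(s)\n";
}

// Constructed malformed request: ?delete=yes&id=12abc never reaches the query.
$bad = readParams(['delete' => 'yes', 'id' => '12abc']);
var_dump($bad['id']);
```

The point of keeping nl2br() and htmlspecialchars() on the output side is that the database holds exactly what the author typed, so the update form can show it again without any reverse conversion, and the escaping happens in the one place where the text meets the browser.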

Back to my puzzle.