Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
I promised a friend to have a look over his dads website to add a small blog. No big deal, I've got it on my drive, can reuse it just need to adapt it to the environment.
I take a look at what I'm working with and I see the most terrifying piece of "Please, take my data" code I could possibly imagine (And I've seen passwords, in plain text in a script tag). I quote "function queryDB(mode, val) {
var query=" ";
if(mode==="findProd")
query="Select * from Products where ProdNam=" +val;
... (same shit for different cases)
sendQuery(query) ;
}
He literally built the query on the client side sent it to a php script (without validation) and inserted it into the database.
You could literally call window.sendQuery with any sql query and get the result printed into the console.
And other than the plain text passwords guy that wasn't some kid someone knew, this was a "Webdesign" Agency.
Now I took the entire thing offline, called my friends dad, explained it to him and try to sort this out. I would not charge a good friends father but that hack will get a quite hefty bill since my hourly rate just tripled.
And the worst thing : If I publicly name that asshole or warn the people in his portfolio I can, according to Google, be sued. (But, and I assume thats vague enough not to count as bad mouthing, if anyone of you has a customer from Rheinland-Pfalz, Germany with a preexisting page, please have a look at the database interface)
I will call that agency tomorrow, ask for a detailed explanation for why they apparently let trained monkeys write their code and anonymously warn everyone in their portfolio about those flaws...
I don't know if I'm cursed or if there are just that many bad devs but it seems that once a year I have to stumble over some "mistakes" that make me question my sanity.4 -
This is an old one that I have hacked about to make it fit, so I hope it still works..
There were a business user, a B.A. and a developer on a road trip in the UK when they crossed the border into Wales. (This was antevirum, so that kind of behaviour was allowed back then).
They saw a sheep on a mountainside.
The business user cried out "Look! All the sheep in Wales are black!"
The B.A. tutted and said "Actually, all we can say is that there is at least one sheep in Wales and it is black down one side."
The developer woke up from nursing his hangover in the back seat, peered out of the window and said "How do you know its a sheep?" -
I wrote a client facing application, which management felt did not require any user guide for the business was required, but the client received a guide. In short, the business didn't understand how to setup a new client, blamed me that it was crap, just to find out they just didn't set it up right. No one apologized, or took credit for messing up. I know look like the black sheep
-
PHP is like the black sheep on every family tree. Lots of work revolves around him. It's prone to failure, break up easily, does things in an inefficient manner, and gets all kind of disease. So I'm using other family memebers, C++ and Go, to keep him on track.8
Top Tags
Weekly Rant
View