Php magicians



  • I work on a system every day which is made of bugs. Today I realized how stupid a human being can be. If someone has to pay as a punishment, the system stores it with id 204. An idiot wrote into the code insert into ... punishment_reason=402. I looked for it and there is no 402 id in the punishment reason table. It is "the same" as 204, so I checked the function which should list these punishments. The function was this one:

    [code]
    function getLastPunishmentDate()
    {
        if ($date == null) {
            $date = date();
        }

        $sql = "select blablabla where date=" . $date;

        return SQLObject::fetch($sql);
    }
    [/code]

    The only problem was that it returned null every time, because $date had not been surrounded by quotes. I've done a 5-minute task in 5 hours. Thank you guys! (Again..)



  • I wish I could make a wise comment about 402 being the area code for Omaha and that it makes sense to think of it as punishment, but actually Omaha is quite a nice city with surprisingly modern buildings and a high-quality lifestyle (in most areas).

    204 however is the area code for Manitoba, which is the Canadian twin of North Dakota... See what kind of punishment it is!.



  • http://100pulse.com/http-statuscode/402.jsp

     HTTP Error 402 - Payment Required



  • @szigya said:

    I work on a system every day which is made of bugs. Today I realized how stupid a human being can be. If someone has to pay as a punishment, the system stores it with id 204. An idiot wrote into the code insert into ... punishment_reason=402. I looked for it and there is no 402 id in the punishment reason table.

    The real problem here seems to be a missing foreign key constraint.

    @szigya said:

    $sql="select blablabla where date=".$date;
    The only problem was that it returned null every time, because $date had not been surrounded by quotes.

    No, that's by no means the only problem. The biggest problem here is that an SQL query is being composed by appending strings rather than using proper parameter substitution.



  • @szigya said:

    I work on a system every day which is made of bugs.

    Don't we all?



  • @szigya said:

    I work on a system every day which was made by Bugs

    So...What's up, doc?



  • It's not a problem here, because date is valid data, and there is no $date input parameter (in the function) as you can see :))).
    Actually 'only' was a little sarcasm; it originates from my mother tongue, maybe in English it's not so obvious.

    In this system there aren't any foreign keys, because it uses MyISAM. :(



  • It seems common, but I've never seen anything like this before. I could post two or three pieces like this a day. Another example:

    There is a menu: Queries.

    A function in connection with it is like this:

    public function Query128()
    {
        $sql = "...";
        // execute
        return $result;
    }

    and the number of the query is (was) an autoincrement value in the database, and was static in the view. So if I wanted to create a new query, I had to rename it after migration, because queries can be created "online" by clicking on a button and writing in an SQL query.



  • @Alargule said:

    So...What's up, doc?
     

    Fuck, I see what you did here :D

     

     

    mod: added related quote —dh



  • @szigya said:

    Fuck, I see what you did here :D
     

    Yo! When replying, you should include a bit of relevant quote, otherwise it looks like you're shouting randomly.



  • @dhromed said:

    @szigya said:

    Fuck, I see what you did here :D
     

    Yo! When replying, you should include a bit of relevant quote, otherwise it looks like you're shouting randomly.

    Sure, danke. I'm just getting to know this forum engine.



    As well how to add new lines.



  • @szigya said:

    punishment_reason=402

    Kinky. Sounds like some kind of automated BDSM system.


  • Winner of the 2016 Presidential Election

    @anonymous235 said:

    @szigya said:
    punishment_reason=402

    Kinky. Sounds like some kind of automated BDSM system.

    enum PunishmentReason {
    // ...
        Naughty = 402,
    // ...
    }


  • @szigya said:

    It's not a problem here, because date is valid data, and there is no $date input parameter (in the function) as you can see :))).

    Yes, it is. It's bugging about like this that gives PHP a bad name, in my opinion. Simply always parametrize your queries; if you have a good system in place for that, it becomes second nature and you automatically avoid bugs like this because those quotes would have been inserted automatically - which would have saved you five hours of work.

    For example, a system I work with has a fairly simple query syntax, that is based on (and is essentially identical to) sprintf. It takes a variable number of arguments, of course, and each parameter goes through mysql_real_escape_string and has quotes added to it. Possibility of SQL injection: zero; at least, as long as you consistently enforce this structure. Is this some mysterious, newfangled enigma technique? Not exactly: it's been in place for almost a decade now (and in fact being deprecated in favor of the newer MySQLi methods). Heck, there's an example of how to do this in the manual.
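    An added example (my own, not code from the thread or from the sprintf-style system described above) for the two points raised in these replies: the string-built query from the first post beside a parameterized version using PDO prepared statements, plus the foreign key that would have rejected the mistyped reason 402. It assumes PHP with the pdo_sqlite extension; the table and column names are invented, since the post only shows "select blablabla where date=".

```php
<?php
// Added example, not code from the thread: the concatenated query from the
// first post beside a parameterized version (PDO prepared statements), plus
// a foreign key that would have rejected the mistyped reason 402. Table and
// column names (punishments, punishment_reasons, reason_id, punished_at) are
// assumed; the post only shows "select blablabla where date=".
declare(strict_types=1);

/** Concatenated form, as in the thread: the value is glued into the SQL text. */
function lastPunishmentDateConcat(PDO $db, string $date): ?string
{
    // Unquoted: 2014-02-03 is parsed as subtraction, and anything else in $date becomes SQL.
    $sql = 'SELECT MAX(punished_at) FROM punishments WHERE punished_at = ' . $date;
    $value = $db->query($sql)->fetchColumn();
    return $value === false || $value === null ? null : (string) $value;
}

/** Parameterized form: the driver sends the value separately from the SQL text. */
function lastPunishmentDateParam(PDO $db, string $date): ?string
{
    $stmt = $db->prepare(
        'SELECT MAX(punished_at) FROM punishments WHERE punished_at = :d'
    );
    $stmt->execute([':d' => $date]);
    $value = $stmt->fetchColumn();
    return $value === false || $value === null ? null : (string) $value;
}

// Demonstration against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON'); // SQLite only enforces FKs when asked
$db->exec('CREATE TABLE punishment_reasons (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE punishments (
    id INTEGER PRIMARY KEY,
    reason_id INTEGER NOT NULL REFERENCES punishment_reasons(id),
    punished_at TEXT NOT NULL)');
$db->exec("INSERT INTO punishment_reasons VALUES (204, 'payment')");
$db->exec("INSERT INTO punishments VALUES (1, 204, '2014-02-03')");

var_dump(lastPunishmentDateParam($db, '2014-02-03'));  // date bound as a text parameter
var_dump(lastPunishmentDateConcat($db, '2014-02-03')); // date compared as 2014 minus 2 minus 3

// With the constraint in place, the 402 typo from the thread fails loudly
// instead of silently storing a reason that does not exist.
try {
    $db->exec("INSERT INTO punishments VALUES (2, 402, '2014-02-04')");
} catch (PDOException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```

    On MySQL the same constraint needs an InnoDB table, which is why the MyISAM system in the thread has none.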



  • @FragFrog said:

    @szigya said:
    It's not a problem here, because date is valid data, and there is no $date input parameter (in the function) as you can see :))).

    Yes, it is. It's bugging about like this that gives PHP a bad name, in my opinion. Simply always parametrize your queries; if you have a good system in place for that, it becomes second nature and you automatically avoid bugs like this because those quotes would have been inserted automatically - which would have saved you five hours of work.

    For example, a system I work with has a fairly simple query syntax, that is based on (and is essentially identical to) sprintf. It takes a variable number of arguments, of course, and each parameter goes through mysql_real_escape_string and has quotes added to it. Possibility of SQL injection: zero; at least, as long as you consistently enforce this structure. Is this some mysterious, newfangled enigma technique? Not exactly: it's been in place for almost a decade now (and in fact being deprecated in favor of the newer MySQLi methods). Heck, there's an example of how to do this in the manual.

    Don't misunderstand me, this is not the technique I use when I write code. I've learnt ASP.NET as well, and prefer that kind of coding style, so I use a framework for my PHP projects. I said it's not a problem from a security aspect, and I don't think it would be better if it was a parameter.



  • @dhromed said:

    ...it looks like you're shouting randomly
    To be fair, that is the way many of us roll.



  • @eViLegion said:

    @dhromed said:
    ...it looks like you're shouting randomly
    To be fair, that is the way many of us roll.
     

    It's like long-form twitter.



  • @dhromed said:

    It's like long-form twitter.
     

    lornekates Tweets:

    #ftfy #hashtaginsteadofthought

    lornekates Tweets:

     ... up and presented in reverse chrono

    lornekates Tweets:

    ... where long ideas are broken ...

    lornekates Tweets:

     ... form @Twitter  ...

    lornekates Tweets:

    It like long...


     



  • @szigya said:

    @dhromed said:

    @szigya said:

    Fuck, I see what you did here :D
     

    Yo! When replying, you should include a bit of relevant quote, otherwise it looks like you're shouting randomly.

    Sure, danke. I'm just getting to know this forum engine.



    As well how to add new lines.

    Oooh, you're going to have so much fun with this one.


  • Winner of the 2016 Presidential Election

    @Maciejasjmj said:

    @szigya said:
    @dhromed said:

    @szigya said:

    Fuck, I see what you did here :D
     

    Yo! When replying, you should include a bit of relevant quote, otherwise it looks like you're shouting randomly.

    Sure, danke. I'm just getting to know this forum engine.



    As well how to add new lines.

    Oooh, you're going to have so much fun with this one.


    Filed under: XSS is strictly prohibited, well not quite


    We should have a list of things you shouldn't do, so people know not to do them.


    I'll start:

    1. Don't write <img src="/logout.aspx"> in your posts
    2. Don't close more tags than you open in your posts
    3. Don't post ginormous images [known as Ben L'ing*]

    * Other practices known as Ben L'ing include talking about Chromebooks, Go advocacy, and feline sodomy


  • @joe.edwards said:

    * Other practices known as Ben L'ing include talking about Chromebooks, Go advocacy, and feline sodomy

    What about QR code abuse? Won't anyone think of the poor QR codes?



  • @joe.edwards said:

    1. Don't write <img src="/logout.aspx"> in your posts

    2. Don't close more tags than you open in your posts
    3. Don't post ginormous images [known as Ben L'ing*]

    * Other practices known as Ben L'ing include talking about Chromebooks, Go advocacy, and feline sodomy
    This public service message has been brought to you by The Ministry of No Fun At All.

     


  • Winner of the 2016 Presidential Election

    @El_Heffe said:

    @joe.edwards said:
    1. Don't write <img src="/logout.aspx"> in your posts

    2. Don't close more tags than you open in your posts
    3. Don't post ginormous images [known as Ben L'ing*]

    * Other practices known as Ben L'ing include talking about Chromebooks, Go advocacy, and feline sodomy
    This public service message has been brought to you by The Ministry of No Fun At All.

     

    Maybe I was too subtle.


  • @joe.edwards said:

    Don't write <img src="/logout.aspx"> in your posts

    You just reminded me I still don't have a signature.



  • Filed under: The point was giving him ideas he might never have had otherwise.

    <img src="http://static.tvtropes.org/pmwiki/pub/images/texplainthejoke.jpg" >



  • @Maciejasjmj said:

    Filed under: The point was giving him ideas he might never have had otherwise.

    He's cross because somebody just explained a joke.



  • @flabdablet said:

    @Maciejasjmj said:
    Filed under: The point was giving him ideas he might never have had otherwise.

    He's cross because somebody just explained a joke.

    Referral Denied



  • @Scribbler said:

    What about QR code abuse?



  • @Ronald said:

    @Scribbler said:
    What about QR code abuse?

    WHO IS THAT? HAVE YOU BEEN SEEING SOMEONE?


  • @dhromed said:

    @szigya said:

    Fuck, I see what you did here :D
     

    Yo! When replying, you should include a bit of relevant quote, otherwise it looks like you're shouting randomly.

    I told him he should have turned left at Albuquerque!



  • @DaveK said:

    told him he should have turned left at Albuquerque

    Albuquerque is more famous for something else these days.



  • php magicians v2

    protected static function storeData($generatedSessionId, $value)
    {
        $storeId = self::getStoreKey($generatedSessionId);

        $sql = "
        DELETE FROM dataStoreData WHERE store_id = " . (int)$storeId . ";
        ";

        self::$_dbConnection->execute($sql);

        foreach ($value as $row) {

            $sql = "
            INSERT INTO dataStoreData (store_id, row_id, data)
            VALUES (" . $storeId . ", " . current($row) . ", '" . self::$_dbConnection->quote(serialize($row)) . "')
            ";

            self::$_dbConnection->execute($sql);

        }

        return $storeId;
    }

     



  • @szigya said:

     

      indeed!



  • @anonymous235 said:

    indeed!
     

    It's fixed-height padding so that syzzigy's posts fit exactly on my monitor.



  • @dhromed said:

    @anonymous235 said:

    indeed!
     

    It's fixed-height padding so that syzzigy's posts fit exactly on my monitor.


    You have a really small monitor :(



  • @szigya said:

    You have a really small monitor :(
     

    Sorry, I meant only your previous one, with the ton of white space.



  • @Zemm said:

    @DaveK said:
    told him he should have turned left at Albuquerque

    Albuquerque is more famous for something else these days.


    Filed Under: Can you think of something that talks, other than a person?
    Hot dogs? Jumping frogs?


  • @dhromed said:

    @szigya said:

    You have a really small monitor :(
     

    Sorry, I meant only your previous one, with the ton of white space.

    I know.


  • Discourse touched me in a no-no place

    @DaveK said:

    @Zemm said:
    Albuquerque is more famous for something else these days.
    Hot dogs? Jumping frogs?
    Lumberjacks?



  • @dkf said:

    @DaveK said:
    @Zemm said:
    Albuquerque is more famous for something else these days.
    Hot dogs? Jumping frogs?
    Lumberjacks?
    Don't think there are an awful lot of lumberjacks in the deserts of New Mexico.



  • @DaveK said:

    @dkf said:
    @DaveK said:
    @Zemm said:
    Albuquerque is more famous for something else these days.
    Hot dogs? Jumping frogs?
    Lumberjacks?
    Don't think there are an awful lot of lumberjacks in the deserts of New Mexico.

    The only reason I can think of to live in the deserts of New Mexico is because either you are terrified of plants or you hate them with a burning passion.  The latter could make you a non-professional lumberjack.


  • Winner of the 2016 Presidential Election

    @locallunatic said:

    @DaveK said:

    @dkf said:
    @DaveK said:
    @Zemm said:
    Albuquerque is more famous for something else these days.
    Hot dogs? Jumping frogs?
    Lumberjacks?
    Don't think there are an awful lot of lumberjacks in the deserts of New Mexico.

    The only reason I can think of to live in the deserts of New Mexico is because either you are terrified of plants or you hate them with a burning passion.  The latter could make you a non-professional lumberjack.

    Most lumberjacks aren't afraid of p***ts, they're simply disgusted by them.


  • @joe.edwards said:

    @locallunatic said:
    @DaveK said:
    @dkf said:
    @DaveK said:
    @Zemm said:
    Albuquerque is more famous for something else these days.
    Hot dogs? Jumping frogs?
    Lumberjacks?
    Don't think there are an awful lot of lumberjacks in the deserts of New Mexico.

    The only reason I can think of to live in the deserts of New Mexico is because either you are terrified of plants or you hate them with a burning passion.  The latter could make you a non-professional lumberjack.

    Most lumberjacks aren't afraid of p***ts, they're simply disgusted by them.
    How do lumberjacks feel about f****ts?

     



  • @El_Heffe said:

    @joe.edwards said:

    @locallunatic said:
    @DaveK said:
    @dkf said:
    @DaveK said:
    @Zemm said:
    Albuquerque is more famous for something else these days.
    Hot dogs? Jumping frogs?
    Lumberjacks?
    Don't think there are an awful lot of lumberjacks in the deserts of New Mexico.

    The only reason I can think of to live in the deserts of New Mexico is because either you are terrified of plants or you hate them with a burning passion.  The latter could make you a non-professional lumberjack.

    Most lumberjacks aren't afraid of p***ts, they're simply disgusted by them.
    How do lumberjacks feel about f****ts?

     

    Are they okay?


  • @El_Heffe said:

    How do lumberjacks feel about fts?
     

    Pretty much every single [url="http://en.wikipedia.org/wiki/Faggot_(unit)"]fts[/url] in the world was once in the hands of a lumberjack.



  • @Lorne Kates said:

    @El_Heffe said:

    How do lumberjacks feel about fts?
     

    Pretty much every single ft in the world was once in the hands of a lumberjack.


    A f****t is either 21 or 31 pints, depending on what you had for lunch today.



  • @Ben L. said:

    @Lorne Kates said:

    @El_Heffe said:

    How do lumberjacks feel about fts?
     

    Pretty much every single ft in the world was once in the hands of a lumberjack.


    A f****t is either 21 or 31 pints, depending on what you had for lunch today.

    I am of the opinion that even as little as 21 pints is a bit much for lunch.




  • @Lorne Kates said:

    @El_Heffe said:

    How do lumberjacks feel about fts?
     

    Pretty much every single fts in the world was once in the hands of a lumberjack.

    YHBT?  I think El Heffe was asking how they feel about forests.




  • @locallunatic said:

    The only reason I can think of to live in the deserts of New Mexico is because either you are terrified of plants or you hate them with a burning passion.

    What if you like to watch cute chicks with sunglasses playing the slots?

    Also it's hard to find a venue name that is cooler than Casino Apache.



  • @Ronald said:

    Also it's hard to find a venue name that is cooler than Casino Apache.

    How about Casino IIS?

