CarnivorousHippie
Latest posts made by CarnivorousHippie
-
RE: ASPeers, can we agree to stop this shit?
@jasmine2501 said:
<asp:HyperLink Text="Legal" runat="server" CssClass="lbl" NavigateUrl="~/CMS.aspx?id=11"></asp:HyperLink>
<asp:Label Text="|" runat="server" ></asp:Label>
<asp:HyperLink ID="HyperLink1" Text="Privacy" runat="server" CssClass="lbl" NavigateUrl="~/CMS.aspx?id=6"></asp:HyperLink>
<asp:Label ID="Label1" Text="|" runat="server"></asp:Label>
<asp:Label Text="© 2012 My Damn Company, LLC. All rights reserved." runat="server" Style="padding-right: 28px; color: #7B7B7B;"></asp:Label>
Learn some fucking HTML, bitch.
What is wrong with this?
<a href="~/CMS.aspx?id=11" class="lbl">Legal</a> | <a href="~/CMS.aspx?id=6" class="lbl">Privacy</a> | © 2013 My Damn Company, LLC. All rights reserved.
Seriously, who is teaching that first style? I see it way too much.
Agreed, a lot of asp.net does not add value to html. Of course, if you were gonna add some i18n, then it would be not-so-useless.
-
RE: To turn or not to turn, that is the question.
@Zemm said:
Driving on the left is more natural and safer. Keep your right hand on the steering wheel, most people are right eyed, etc.
When I drive, my right hand is on the wheel. My left arm is perched on the window, so my left hand is usually idle, or playing in the wind, or maybe holding a beverage.
-
RE: Senior developer
@Medinoc said:
Wait... If the text is fixed width, then it's not supposed to have only 211 spaces before the file name.
Unless you mean he was looking for 212 actual spaces anywhere (InStr, strstr(), String.IndexOf(), etc.) rather than offset 212 in the line?
ding ding ding ding
-
Senior developer
Helping* another senior** developer with a task that he's been working on way too long. The task is to read one text file that contains a list of other filenames, and then verify the existence of those files. His solution was to iterate over each line of the file, identify the target filename, and then iterate over the directory to find the matching filename. *facepalm*
But no, the fun doesn't stop there. His method of extracting the filename was to (VB) Split the line and access the Xth array element. Nothing abnormal about that, but X was 212, and this file could not be that big. Then I saw that the file is fixed-width and that he was Splitting on a space, and he had empirically determined that the filename he was looking for was at that position.
Before the evil instinct took hold to ignore it and let his code fail miserably, I mentioned that it would fail if the next line had, say, only 211 spaces before the filename. I wish I hadn't.
_____
* "Helping" as in nudging him in the right direction, then waiting to see if he can make progress, and then re-nudging when he fails.
** I believe "senior" is in his title; it reflects how long he's been with the company and nothing more.
-
RE: Lets build a vehicle "model" in Excel!
@morbiuswilters said:
corn now being a Federally-protected endangered species.
@morbiuswilters said:
The contractor's painful rickets from a corn-only diet
If corn were an endangered species, then the Sierra Club would have taken down Big Corn, and the contractor would not have been able to afford black-market corn and would have instead eaten baby seal.
-
RE: Fun with single quotes
@Jaime said:
@CarnivorousHippie said:
What alternative to "inline SQL" are you thinking of? Calling "exec sp_foo 'bar', 'baz'" still counts as inline as I choose to understand the term.
Anybody who thinks "inline SQL" and "stored procedure" are mutually exclusive understands the term differently than you do. Since The_Assimilator offered stored procedures as an alternative to inline SQL, he is in that group. Also, your definition of inline SQL isn't very useful, as calling "exec sp_foo @bar, @baz" is still inline SQL by your definition, but injection safe. Heck, your definition allows "sp_executesql 'exec sp_foo @bar, @baz', '@bar varchar(20) @baz varchar(20)', @bar='bar', @baz='baz'" to be called inline SQL, making the term meaningless.
I didn't see Assimilator offer stored procedures as an alternative, or even mention them.
My definition of "inline SQL" (for the purposes of this discussion) is orthogonal to being injection-safe. (Again, different concern.) Generally speaking, if I'm building a SQL string in application code instead of using a Command object or hitting a datalayer, then...
You know, you're right. The adjective 'inline' is redundant. If you're using SQL statements in code, of course it's inline.
-
RE: Fun with single quotes
@Jaime said:
@CarnivorousHippie said:
@Jaime said:
Apparently, it does ... How many times does this have to be said... Parameterizing protects against SQL Injection, stored procedures do not. Properly parameterized inline SQL is injection-proof, stored procedures called without parameterization are vulnerable to SQL Injection.
It didn't need to be said at all. Using parameters to thwart SQL injection and using stored procedures to separate data/interface are different concerns.
@The_Assimilator said:
I'm very disappointed you haven't purposely injected SQL to drop one of the main tables or even the DB. You only need to do it once, because after the system has been down for 3 days and they've been crapped on constantly during that time, they'll never write inline SQL again.
... The_Assimilator is merging those concerns together. It's not an uncommon problem, about 75% of the people I talk to get it wrong.
What alternative to "inline SQL" are you thinking of? Calling "exec sp_foo 'bar', 'baz'" still counts as inline as I choose to understand the term.
-
RE: Fun with single quotes
@Jaime said:
How many times does this have to be said... Parameterizing protects against SQL Injection, stored procedures do not. Properly parameterized inline SQL is injection-proof, stored procedures called without parameterization are vulnerable to SQL Injection.
It didn't need to be said at all. Using parameters to thwart SQL injection and using stored procedures to separate data/interface are different concerns.
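
The distinction argued over in the "Fun with single quotes" posts above, shown as an added T-SQL example that is not part of any original post: the same stored procedure called through a concatenated string and through sp_executesql with parameters. sp_foo is the thread's placeholder name; its body, the parameter sizes and the input value are constructed for illustration.

```sql
-- Added example for SQL Server (CREATE OR ALTER needs 2016 SP1 or later).
-- Run in a scratch database. Procedure body and input are constructed.
CREATE OR ALTER PROCEDURE dbo.sp_foo
    @bar varchar(100),
    @baz varchar(20)
AS
BEGIN
    SET NOCOUNT ON;
    -- Inside the procedure the arguments are plain data.
    SELECT @bar AS bar_received, @baz AS baz_received;
END;
GO

-- Constructed "user input": closes the string literal, supplies the second
-- argument itself, appends a harmless statement and comments out the rest.
DECLARE @userInput varchar(100) =
    'x'', ''y''; SELECT ''second statement ran'' AS note; --';

-- 1) Stored procedure called WITHOUT parameterization.
--    The text that reaches the server is:
--    EXEC dbo.sp_foo 'x', 'y'; SELECT 'second statement ran' AS note; --', 'baz';
DECLARE @sql nvarchar(400) =
    N'EXEC dbo.sp_foo ''' + @userInput + N''', ''baz'';';
PRINT @sql;
EXEC (@sql);   -- two result sets: sp_foo('x','y') and the appended SELECT

-- 2) Same procedure, parameterized. The statement text is a constant and
--    the value travels separately, so it can never be parsed as SQL.
EXEC sys.sp_executesql
    N'EXEC dbo.sp_foo @bar, @baz;',
    N'@bar varchar(100), @baz varchar(20)',
    @bar = @userInput,
    @baz = 'baz';
-- one result set: bar_received holds the whole input string, quotes included

-- Clean up the scratch object.
DROP PROCEDURE dbo.sp_foo;
```

The procedure is identical in both calls; only the way the call is built decides whether the input is parsed as SQL, which is why the stored procedure by itself gives no protection.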