I’ll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button and it reaches out to a database and pulls all the data following that matches those parameters. The horrors of this were 1. The queries were hard coded.

  1. They were stored in a configuration file, in xml format.

  2. The queries were not 1 entry. It was 4, a start, the part between start date and end date, the part between end date and system and then the end part. All of these were then concatenated in the program intermixed with variables.

  3. This was then sent to the server as pure sql, no orm.

  4. Here’s my favorite part. You obviously don’t want anyone modifying the configuration file so they encrypted it. Now I know what you’re thinking at some point you probably will need to modify or add to the configuration so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt but there were no visible buttons to access those functions. The program was written in winforms. You had to open the program in visual studio, manually expand the size of the window(locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.

  • FigMcLargeHuge@sh.itjust.worksEnglish
    84·
    1 day ago

    Long time ago, but by far the worst for me was when I inherited some code that a previous programmer had done. Every variable was a breakfast item. So if biscuit>bacon then scrambledeggs=10. Shit like that. It was a nightmare and luckily I only had to deal with it infrequently.

    • Quibblekrust@thelemmy.clubEnglish
      7·
      18 hours ago

      Oh god, that’s worse than I’ve seen where a SQL query joining 10 tables aliased all of the tables as a, b, c, d, e, f, g, h, i, j.

      It was a mess, and as a new dev on the project, trying to figure out which where clause was for which table and how things worked was a fucking nightmare. Trying to keep a dictionary of letters to real table names in your head as you looked at the query was very taxing. In the end, I just fixed it all to stop using aliases. Or to use short abbreviations.

      Here’s a mock example:

      SELECT
    j.delivery_eta,
    c.cat_desc,
    a.part_number,
    h.region_label,
    f.wh_loc,
    e.emp_last,
    g.state_flag,
    b.mfg_title,
    i.ship_track_code,
    d.order_sum,
    a.created_on,
    j.last_scanned_at,
    e.emp_first,
    c.cat_code,
    g.state_level
FROM parts AS a
INNER JOIN manufacturers AS b 
    ON a.manufacturers_id = b.id
INNER JOIN categories AS c 
    ON a.categories_id = c.id
INNER JOIN orders AS d 
    ON a.orders_id = d.id
INNER JOIN employees AS e 
    ON d.employees_id = e.id
INNER JOIN warehouses AS f 
    ON a.warehouses_id = f.id
INNER JOIN inv_state AS g 
    ON a.inv_state_id = g.id
INNER JOIN regions AS h 
    ON f.regions_id = h.id
INNER JOIN shipments AS i 
    ON d.shipments_id = i.id
INNER JOIN logistics AS j 
    ON i.logistics_id = j.id
WHERE
    (b.mfg_title LIKE '%Corp%' OR b.mfg_title LIKE '%Global%')
    AND c.cat_desc NOT IN ('Unknown', 'None', 'Legacy')
    AND (d.order_sum > 1000 OR d.order_sum BETWEEN 250 AND 275)
    AND e.emp_last ILIKE '%berg'
    AND (f.wh_loc IN ('A1', 'Z9', 'M3') OR f.wh_loc IS NULL)
    AND g.state_flag IN ('ACT', 'PENDING')
    AND h.region_label NOT LIKE 'EXT-%'
    AND (i.ship_track_code IS NOT NULL AND i.ship_track_code <> '')
    AND (j.delivery_eta < NOW() + INTERVAL '90 days' OR j.last_scanned_at IS NULL)
    AND (a.part_number ~ '^[A-Z0-9]+$' OR a.part_number IS NULL)
    AND (
        (c.cat_code = 'X1' AND g.state_level > 2)
        OR
        (e.emp_first ILIKE 'J%' AND d.orders_id IS NOT NULL)
    );
    • CaptDust@sh.itjust.works
      44·
      1 day ago

      Why do people do stuff like this, is the logic not difficult enough to follow on it’s own without a secondary definition table to consult!? Fucking hell.

      • Björn@swg-empire.de
        9·
        23 hours ago

        Had a programmer like this when I was still an apprentice. He was so full of himself. Was originally a Java programmer but had to program in PHP because that was what ran on the server. I never found out why he couldn’t just put Java on the server. We had full control.

        All his variables were first names. Like $klaus and $grobi. Because he was afraid of clashing with reserved keywords. The thing is, in PHP all variables begin with $ exactly to prevent this issue. So he brought that habit over from Java which was far superior and not such a “Mickey Mouse language”.

        I mean, he wasn’t totally wrong, especially back then PHP was awful. But he surrounded every function with <?php and ?> (PHP was designed to be combined with HTML output outside of these tags) and had plenty of whitespace between them and couldn’t fathom why all his html files had huge swaths of whitespace at the start.

        His way of preventing SQL injection was to look for SQL keywords in user input and then throwing an error in the log files.

    • hddsx@lemmy.ca
      211·
      1 day ago

      I don’t know how old you are but when I was in school, this was just going out of style. They saw this as job security. If you’re the only one who can work on the code, then they won’t fire you

    • vrek@programming.devOPEnglish
      221·
      1 day ago

      I don’t know what’s worse… That program or that you put biscuits greater than bacon…

      Actually I think the greater crime is biscuits being greater than bacon