CodeSOD: Pay for this Later
Ross needed to write software to integrate with a credit card payment gateway. The one his company chose was relatively small, and only served a handful of countries- but it covered the markets they cared about and the transaction fees were cheap. They used XML for data interchange, and while they had no published schema document, they did have some handy-dandy sample code which let you parse their XML messages.
$response = curl_exec($ch);$authecode = fetch_data($response, '<authCode>', '</authCode>');$responsecode = fetch_data($response, '<responsecode>', '</responsecode>');$retrunamount = fetch_data($response, '<returnamount>', '</returnamount>');$trxnnumber = fetch_data($response, '<trxnnumber>', '</trxnnumber>');$trxnstatus = fetch_data($response, '<trxnstatus>', '</trxnstatus>');$trxnresponsemessage = fetch_data($response, '<trxnresponsemessage>', '</trxnresponsemessage>');
Well, this looks... worrying. At first glance, I wonder if we're going to have to kneel before Zalgo. What exactly does fetch_data actually do?
function fetch_data($string, $start_tag, $end_tag){ $position = stripos($string, $start_tag); $str = substr($string, $position); $str_second = substr($str, strlen($start_tag)); $second_positon = stripos($str_second, $end_tag); $str_third = substr($str_second, 0, $second_positon); $fetch_data = trim($str_third); return $fetch_data;}
Phew, no regular expressions, just... lots of substrings. This parses the XML document with no sense of the document's structure- it literally just searches for specific tags, grabs whatever is between them, and calls it done. Nested tags? Attributes? Self-closing tags? Forget about it. Since it doesn't enforce that your open and closing tags match, it also lets you grab arbitrary (and invalid) document fragments- fetch_data($response, "<fooTag>", "<barTag>"), for example.
And it's not like this needs to be implemented from scratch- PHP has built-in XML parsing classes. We could argue that by limiting ourselves to a subset of XML (which I can only hope this document does) and doing basic string parsing, we've built a much simpler approach, but I suspect that after doing a big pile of linear searches through the document, we're not really going to see any performance benefits from this version- and maintenance is going to be a nightmare, as it's so fragile and won't work for many very valid XML documents.
It's always amazing when TRWTF is neither PHP nor XML but... whatever this is.
[Advertisement] Plan Your .NET 9 Migration with ConfidenceYour journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!