CodeSOD: An Echo In Here in here

by Remy Porter, from The Daily WTF (#7049Z)

Tobbi sends us a true confession: they wrote this code.

The code we're about to look at is the kind of code that mixes JavaScript and PHP together, using PHP to generate JavaScript. That's already a terrible anti-pattern (any value echoed into a script block this way is a script-injection point waiting for the first unescaped input), but Tobbi adds another layer to the whole thing.

```php
if (AJAX) {
    <?php echo "AJAX.open(\"POST\", '/timesheets/v2/rapports/FactBCDetail/getDateDebutPeriode.php', true);"; ?>
    AJAX.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    AJAX.onreadystatechange = callback_getDateDebutPeriode;
    AJAX.send(strPostRequest);
}
if (AJAX2) {
    <?php echo "AJAX2.open(\"POST\", '/timesheets/v2/rapports/FactBCDetail/getDateFinPeriode.php', true);"; ?>
    AJAX2.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    AJAX2.onreadystatechange = callback_getDateFinPeriode;
    AJAX2.send(strPostRequest);
}
```

So, this uses server-side code to... output constant string literals that could have just been written directly into the JavaScript, with no PHP step at all.
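For contrast, here is what those two requests look like as plain client-side JavaScript, with no PHP generating any script. This is an added example, not Tobbi's code or anything from The Daily WTF: only the two endpoint paths and the form-encoded POST are taken from the snippet above; the function names, the field names and the injectable XMLHttpRequest constructor (so the same code runs outside a browser) are assumptions made for the example.

```javascript
// Added example: the two period-bound requests as plain JavaScript.
// Endpoint paths come from the article; everything else is assumed.

const REPORT_BASE = '/timesheets/v2/rapports/FactBCDetail';

// Form-encode a flat object the way application/x-www-form-urlencoded expects.
// Keys and values are percent-encoded, so a value like 'a b' becomes 'a%20b'.
function encodeForm(fields) {
  return Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(v))
    .join('&');
}

// Describe one POST to a report script. Pure function: no network, no DOM.
function buildPostRequest(script, fields) {
  return {
    method: 'POST',
    url: REPORT_BASE + '/' + script,
    headers: { 'Content-type': 'application/x-www-form-urlencoded' },
    body: encodeForm(fields),
  };
}

// Send one request through an XMLHttpRequest-like constructor. Passing the
// constructor in (assumed design, not from the original) lets a fake stand in
// for the real XMLHttpRequest when there is no browser.
function postForm(request, onDone, XhrCtor = globalThis.XMLHttpRequest) {
  const xhr = new XhrCtor();
  xhr.open(request.method, request.url, true);
  Object.entries(request.headers).forEach(([k, v]) => xhr.setRequestHeader(k, v));
  xhr.onreadystatechange = () => {
    if (xhr.readyState === 4) onDone(xhr);
  };
  xhr.send(request.body);
  return xhr;
}

// The two calls the original snippet makes, with the shared body written once.
// Returns both request objects so callers (and tests) can inspect them.
function fetchPeriodBounds(fields, callbacks, XhrCtor) {
  return {
    debut: postForm(buildPostRequest('getDateDebutPeriode.php', fields), callbacks.onDebut, XhrCtor),
    fin: postForm(buildPostRequest('getDateFinPeriode.php', fields), callbacks.onFin, XhrCtor),
  };
}
```

If a value genuinely has to come from the server (a base path, a record id), hand it to the page as data rather than as code: emit it with json_encode and the JSON_HEX_TAG, JSON_HEX_AMP, JSON_HEX_APOS and JSON_HEX_QUOT flags into a data attribute or a script element of type application/json, and have the JavaScript read it from there. That keeps the PHP side from ever composing script text, which is the step that turns an unescaped input into executable code.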

"What was I thinking when I wrote that?" Tobbi wonders. Likely, you weren't thinking, Tobbi. Have another cup of coffee, I think you need it.

All in all, this code is pretty harmless (the echoed strings are constants, so nothing user-controlled reaches the script), but it is a malodorous brain-fart. As for absolution: this is why we have code reviews. Either your org doesn't do them, or it doesn't do them well. Anyone can make this kind of mistake, but only organizational failures get this code merged.
