I'm currently reading someone else's PHP code and it's a disconcerting thing to read code without any comments whatsoever except for the occasional // insert into database here. This code isn't the most elegant around and shows some really weird things like using
before inserting into a database and then tediously converting
back to newlines again for the update function.
In fact this reminds me a bit of some code I used to write when I first started with PHP, though I only used that on my own site and didn't use this in production or release.
One of the things I was asked to do was tighten up the security of this app, though I haven't found a really big flaw yet. The code seems ungainly (possibly also due to the extremely unhelpful variable names like
, as in the sound a sheep makes, this is code that has to do with a newspage, nothing about cattle in here, move along) and awkward but it is secure as far as I can tell. (I might still find some big gaping hole as I still haven't figured out what a lot of the files are doing (there's a lot of cruft and dead experiments left behind.))
Still: why would anyone use code to split the parameters from a URL
to see what to do in certain circumstances? If you got a URL like http://www.example.com/index.php?delete=yes&id=12 it's pretty clear you could just grab the $delete and $id variables from the environment like so:
$delete = $_GET['delete'];
$id = $_GET['id'];
Instead the person writing this used a complicated series of list(), split() and explode(). Fifteen lines wasted, 20 minutes wasted trying to figure out what's happening where and why. Still, it's a fun puzzle and it'll be fun to throw it all out and start afresh if that's what is deemed the only way to salvage this site (and I suspect it might be).
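An added example, not code from the post or from the app it describes, showing the $_GET route for the ?delete=yes&id=12 request with the checks a tightened version would want: the delete flag and the id are validated before use, and the delete runs as a prepared statement. It assumes the request deletes a row from a "news" table with an integer id column, and uses an in-memory SQLite PDO connection as a placeholder so it runs stand-alone.

```php
<?php
// Added example, not code from the post's app. Assumed: a "news" table with an
// integer primary key "id", and a PDO connection in $pdo (placeholder: SQLite in memory,
// needs the pdo_sqlite extension).
declare(strict_types=1);

// The same two values the post pulls from ?delete=yes&id=12, but checked before use:
// $delete must be exactly "yes", $id must be a positive integer, and the query is a
// prepared statement so the id is bound as a parameter rather than pasted into SQL.
function handleDeleteRequest(array $get, PDO $pdo): ?int
{
    $delete = $get['delete'] ?? null;
    if ($delete !== 'yes') {
        return null;          // not a delete request
    }
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;          // missing or malformed id: refuse rather than guess
    }
    $stmt = $pdo->prepare('DELETE FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows actually deleted
}

// For comparison, the "split the URL yourself" route the post complains about:
// parse_str() produces the same array that $_GET already holds for the current request.
function paramsFromUrl(string $url): array
{
    $query = parse_url($url, PHP_URL_QUERY) ?? '';
    parse_str($query, $params);
    return $params;
}

$pdo = new PDO('sqlite::memory:');   // placeholder connection for a stand-alone run
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news (id, title) VALUES (12, 'constructed sample row')");

$params = paramsFromUrl('http://www.example.com/index.php?delete=yes&id=12');
var_dump(handleDeleteRequest($params, $pdo));                              // deletes row 12
var_dump(handleDeleteRequest(['delete' => 'yes', 'id' => '12abc'], $pdo)); // rejected id
var_dump(handleDeleteRequest(['delete' => 'no', 'id' => '12'], $pdo));     // not a delete
```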
Back to my puzzle.