Worst coding you've seen

[tibberous]

I just saw a table, where users had 'Active' and 'Inactive' fields. All the queries literally read:

 

update `users` set Active=1, Inactive=0....

 

Site is horrible all around. All the html is in caps (<TABLE><TR><TD>...) I'm trying not to lowercase it all, but it bugs the shit out of me.

 

Whats the worst you guys have seen?

[Daniel0]

I'm a TA on a first year CS course at my university. I grade programming assignments each week. Let's just say that not all of the code beautiful

[The Little Guy]

function getOne($query){
     $sql = mysql_query($query);
     $row = mysql_fetch_array($sql);
     return $row[0];
}

$sql = mysql_query("SELECT COUNT(*) FROM members"); // Returns 15,000 Rows
echo '<table>';
echo "<tr>
     <th>First Name</th>
     <th>Last Name</th>
     <th>Email</th>
</tr>";
while($row = mysql_fetch_assoc($sql)){
     $member_id = $row['member_id'];
     $firstName = getOne("SELECT first_name FROM members WHERE member_id = $member_id");
     $lastName = getOne("SELECT last_name FROM members WHERE member_id = $member_id");
     $email = getOne("SELECT email FROM members WHERE member_id = $member_id");
     echo "<tr>
          <td>$firstName</td>
          <td>$lastName</td>
          <td>$email</td>
     </tr>";
}
echo '</table>';

 

After this is run, you just ran over 45,000 queries. This could have been run with one query.

 

One of my co-workers wrote something just like this.

[tibberous]

  Quote

function getOne($query){
     $sql = mysql_query($query);
     $row = mysql_fetch_array($sql);
     return $row[0];
}

$sql = mysql_query("SELECT COUNT(*) FROM members"); // Returns 15,000 Rows
echo '<table>';
echo "<tr>
     <th>First Name</th>
     <th>Last Name</th>
     <th>Email</th>
</tr>";
while($row = mysql_fetch_assoc($sql)){
     $member_id = $row['member_id'];
     $firstName = getOne("SELECT first_name FROM members WHERE member_id = $member_id");
     $lastName = getOne("SELECT last_name FROM members WHERE member_id = $member_id");
     $email = getOne("SELECT email FROM members WHERE member_id = $member_id");
     echo "<tr>
          <td>$firstName</td>
          <td>$lastName</td>
          <td>$email</td>
     </tr>";
}
echo '</table>';

 

After this is run, you just ran over 45,000 queries. This could have been run with one query.

 

One of my co-workers wrote something just like this.

 

Yeah - an ex-coworker of mine had some kind of shitty, object-based mysql library he used. Thing made so many querys, and didn't work with anything more complex than a select or insert statement.  I HATE when people try and wrap core features of the language. I have a general.php file I use in projects, but it's just general utility functions that PHP doesn't have.

[Garethp]

My own coding in the first couple months of PHP. Seriously, after what I coded, I'll never see something worse. Here's a recap

 

Huge if-else statements for the login

Login stored in Cookies

Password stored in Cookies

No hashing

No SQL Injection Protection

Str_Replace EVERYWHERE instead of regex

for /profile/username, I dynamically generated a folder each time a user signed up (No idea of Mod_Rewrite at the time)

No functions for reuse

I didn't know I could store two mysql results at a time

No Autoincrement on my columns

Little to no relationships in the database

No verification of ANY data

 

Needless to say this was a personal project, I wouldn't have dreamed of going pro at that time. I was 13 and learning out of curiosity

[Pikachu2000]

  Quote

Str_Replace EVERYWHERE instead of regex

 

That isn't necessarily a bad thing.

[PFMaBiSmAd]

LOL, The C code in php for sessions that deals with register_globals and session_register. Now let me see, just where exactly did I put that variable I wanted to save to the session data file...

 

Session_register actually works with register_globals off (for those people who still have session_register statements in their code) and causes the contents of the variable you registered to be what is saved to the session data file, not a preexisting $_SESSION variable you thought would be saved to the session data file when your script ends, unless you assign a new value to the $_SESSION variable, in which case the $_SESSION variable will be what is written to the session data file.

[Philip]

  Quote

for /profile/username, I dynamically generated a folder each time a user signed up (No idea of Mod_Rewrite at the time)

 

>.<

 

That must've been a lot of unneeded files/folders!

[lastkarrde]

Looking back, the code I wrote during the first year of knowing PHP was pretty horrible. Although I do proudly remember never using the global keyword once in any of my scripts .

 

As for bad code now, Wordpress is pretty horrible.

[Anti-Moronic]

I'd have to say my own code also when I first started programming. No indentation, spacing, nothing. I took on a small project near the start and while the code worked I was firmly put in my place.

 

Since then I actively follow best practices and refine my code/techniques/tools as much as possible.

[JonnoTheDev]

I had the pleasure of working with a project that had been made entirely using the following method:

 

<?php

function foo() {
global $var1;
global $var2;
global $var3;
global $var4;
global $var5;

echo "<table>";
// rest of function code
}

function bar() {
global $x;
global $y;

echo "</table>";
// rest of function code
}

$var1 = "some text";
$var2 = "some text";
$var3 = "some text";
$x = $_POST['x'];
$y = $_GET['y'];

foo();
bar();
?>

 

Too one look and said f*** this. Was easier to rewrite entire sections instead of trying to understand the logic.