I’ll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button and it reaches out to a database and pulls all the data that matches those parameters. The horrors of this were:

  1. The queries were hard coded.

  2. They were stored in a configuration file, in XML format.

  3. The queries were not 1 entry. It was 4: a start, the part between start date and end date, the part between end date and system and then the end part. All of these were then concatenated in the program intermixed with variables.

  4. This was then sent to the server as pure SQL, no ORM.

  5. Here’s my favorite part. You obviously don’t want anyone modifying the configuration file so they encrypted it. Now I know what you’re thinking: at some point you probably will need to modify or add to the configuration so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt but there were no visible buttons to access those functions. The program was written in WinForms. You had to open the program in Visual Studio, manually expand the size of the window (locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.

  • Frezik@lemmy.blahaj.zone

    A bit of Perl code from the late 90s/early 2000s that worked something like this (working from memory, untested):

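    # Shell out to grep; $search_string and $file are interpolated into the shell command line
    my $hits = `grep $search_string $file`;
    my @lines = split /\n/, $hits;
    my @real_hits;
    for( my $i = 0; $i < scalar(@lines); $i++ ) {
        my $line = $lines[$i];
        # Re-check each line that grep already matched
        if( $line =~ /$search_string/ ) {
            push @real_hits, $line;
        }
    }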
    

    Let me explain a bit about what this does. Instead of reading a file line-by-line and using Perl’s regex engine to match, it uses backticks to call out to the shell for grep. Those are split up by line. Then go through those lines (in a C-style for loop, not the perfectly good foreach version that Perl has had for a long time) and now we use a regex to match that line. You know, just in case shell grep didn’t do its one job.

    If anything, I’m probably making this code look better by declaring variables with my and following use strict standards.

    This was written by a guy who was the main programmer before I was hired. I was told he was a real piece of shit. He often had some checks in his code that, if not passed, threw messages to the client like “WE HAVE DETECTED YOUR HACKING AND LOGGED YOUR IP ADDRESS WE’RE GOING TO GET YOU”. Never met him personally, but his code is a pretty good example of why everyone came to hate Perl.
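
The native approach the comment above contrasts with the backtick version, reading the file line by line and matching with Perl's own regex engine, written out as an added example (not code from the thread). Because no shell is started, metacharacters in the search string or file name are never interpreted as commands; `find_hits` and the sample file contents are hypothetical names and constructed data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Return every line of $file that matches $pattern, without starting a shell.
#   $literal true  => treat $pattern as a fixed string (like grep -F)
#   $literal false => treat $pattern as a Perl regex
sub find_hits {
    my ($pattern, $file, $literal) = @_;

    # quotemeta() neutralises regex metacharacters so user-supplied text
    # cannot change what the pattern means. Compile once, outside the loop.
    my $source = $literal ? quotemeta($pattern) : $pattern;
    my $re = eval { qr/$source/ } or die "invalid pattern: $@";

    # Three-argument open: the file name is taken as a path only and is
    # never parsed for mode characters or pipes.
    open my $fh, '<', $file or die "cannot open $file: $!";
    my @hits;
    while (my $line = <$fh>) {
        chomp $line;
        push @hits, $line if $line =~ $re;
    }
    close $fh;
    return @hits;
}

# Constructed sample data so the example runs offline.
my ($tmp, $path) = tempfile(UNLINK => 1);
print {$tmp} "alpha\nfoo; id\nfoo.bar\nfooXbar\n";
close $tmp;

# Search strings containing shell and regex metacharacters, matched literally.
print "literal 'foo; id': $_\n" for find_hits('foo; id', $path, 1);
print "literal 'foo.bar': $_\n" for find_hits('foo.bar', $path, 1);

# The same string as a regex: '.' now matches any character.
print "regex   'foo.bar': $_\n" for find_hits('foo.bar', $path, 0);
```

If the external `grep` really is required, the list form `open(my $fh, '-|', 'grep', '-F', '--', $search_string, $file)` passes each argument directly to the program without going through a shell.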