1. 27

  2. 13

    I’m sorry, I’m calling bullshit on the snippet being authentic. I’m sure there’s a lot of bad code out there, but this is too overwhelmingly wrong in neatly orthogonal ways. Sounds to me like a contrived example that tries to be wrong in as many ways as possible, on nearly every line of code.

    1. 6

      Apparently it’s not, according to the linked Reddit post.

      1. 3

        I’ve worked on projects where the initial version was outsourced, and let me tell you: I’ve seen far worse than this. Imagine hundreds of lines of code, no whitespace, non-descriptive variable names, logic that is plain wrong, etc. There is a surprising number of people who do programming that really should not be allowed near a computer.

        1. 2

          Ten-thousand line payment processing function, here. Indexed through hundred-column listview-thing from DotNet framework, most of which were hidden. File had 4 functions, 40k lines, just about. Nightmare.

          [Edit: written by a CS student, who happened to be my boss. Not company owner, but the owner didn’t know better]

        2. 2

          Maybe it came out of some code farm somewhere? I am skeptical too though

          1. 2

            I’ve been chipping in on a stackexchange site recently. This is par for the course, ‘overwhelmingly wrong’ is not an unfamiliar feeling if you browse new questions on SO these days. In fact I’m skeptical that this code didn’t get improved as it having been structured into sensible functions like this is inconsistent.

          2. 6

            Can’t quite agree that it would be fine for a junior developer to write code like that. There has to be some level of education before working in a professional setting surely (unless you want your senior developers to be full time tutors)?

            1. 13

              This is one of the main gripes I have with code camps. While I’ve encountered very good people coming out of those, I’ve encountered a good deal more who are woefully unprepared but mysteriously pass through the interview steps. Usually it takes about <probation period duration length +1 minute> before you figure out exactly how bad it is. By then, the good peeps have found their way and are at least decently junior and very open to feedback, but in other cases it’s just you, paying after the fact for their career change.

              Just to be very very clear: I have nothing against whoever tries this per say. A career change is perfectly normal, and I very much enjoy doing what I do, so I get why they’d want it too. I can’t stand whoever promises them that after barely a few weeks of very basic training in the tech du jour.

              I apologize in advance for my rant because I feel it would put down the people who end up tricked by those specific schemes.

            2. 3

              Maybe I’ve been working at places with low standards, but while this code is objectively terrible it looks like it works (for the most part), and isn’t too complicated. The person that wrote it is hopefully coachable, and the deficiencies can be fixed.

              1. 2

                If it was just "true" == "true", then it’d be fine to say it’s messy but works. But it’s a piece of code that is supposed perform a security check, and fails spectacularly at it. It’s not merely short of using best practices, it’s a complete breach of the entire database.

              2. 3

                I’m not familiar with client-side web dev, can anyone explain why the author claims that .sql cannot be synchronous? Would it not just hang the page until the value is returned or is there something more complex going on?

                1. 2

                  Synchronous HTTP requests are deprecated … well, pretty much shunned … as they play havoc with the browser’s behaviour. It’s pretty tricky to wrap an asynchronous request up into a synchronous API, so the assumption here is that the synchronous HTTP option must be what’s being used.

                  See: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/Synchronous_and_Asynchronous_Requests#Synchronous_request

                  1. 1

                    Browsers simply do not expose blocking APIs to javascript code. There isn’t a syscall (or equivalent) you can make that will block.