A common class of bad code is the code which mixes server side code with client side code. This kind of thing:
<script>
<?php if (someVal) { ?>
var foo = <? echo someOtherVal ?>;
<?php } else { ?>
var foo = 5;
<?php } ?>
</script>
We’ve seen it, we hate it, and is there really anything new to say about it?
Well, today’s anonymous submitter found an “interesting” take on the pattern.
<script>
if(linkfromwhere_srfid=='vff')
{
<?php
$vff = 1;
?>
}
</script>
Here, they have a client-side conditional, and based on that conditional, they attempt to set a variable on the server side. This does not work. This cannot work: the PHP code executes on the server, the client code executes on the client, and you need to be a lot more thoughtful about how they interact than this.
And yet, the developer responsible has done this all over the code base, pushed the non-working code out to production, and when it doesn’t work, just adds bug tickets to the backlog to eventually figure out why- tickets that never get picked up, because there’s always something with a higher priority out there.
[Advertisement]Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.
Source: Read MoreÂ