A common class of bad code is the code which mixes server side code with client side code. This kind of thing:
<script>
<span class="hljs-meta"><?php</span> <span class="hljs-keyword">if</span> (someVal) { <span class="hljs-meta">?></span>
<span class="hljs-keyword">var</span> foo = <span class="hljs-meta"><?</span> <span class="hljs-keyword">echo</span> someOtherVal <span class="hljs-meta">?></span>;
<span class="hljs-meta"><?php</span> } <span class="hljs-keyword">else</span> { <span class="hljs-meta">?></span>
<span class="hljs-keyword">var</span> foo = <span class="hljs-number">5</span>;
<span class="hljs-meta"><?php</span> } <span class="hljs-meta">?></span>
</script>
We’ve seen it, we hate it, and is there really anything new to say about it?
Well, today’s anonymous submitter found an “interesting” take on the pattern.
<script>
<span class="hljs-keyword">if</span>(linkfromwhere_srfid==<span class="hljs-string">'vff'</span>)
{
<span class="hljs-meta"><?php</span>
<span class="hljs-variable">$vff</span> = <span class="hljs-number">1</span>;
<span class="hljs-meta">?></span>
}
</script>
Here, they have a client-side conditional, and based on that conditional, they attempt to set a variable on the server side. This does not work. This cannot work: the PHP code executes on the server, the client code executes on the client, and you need to be a lot more thoughtful about how they interact than this.
And yet, the developer responsible has done this all over the code base, pushed the non-working code out to production, and when it doesn’t work, just adds bug tickets to the backlog to eventually figure out why- tickets that never get picked up, because there’s always something with a higher priority out there.
[Advertisement]Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.
Source: Read MoreÂ
