The daily WTF Greatest Hits II

Posted by Jorge Bernal April 13, 2006

This one is definitely winning my personal contest for the worst piece of code ever, so far:

function saveform()
{
  var firstName = escapeSql(mainForm.elements.txtFirstName.value);
  var lastName = escapeSql(mainForm.elements.txtLastName.value);
  /* ... */
  var offerCode = escapeSql(mainForm.elements.txtOfferCode.value);

  var code =
  '  $cn = mssql_connect($DB_SERVER, $DB_USERNAME, $DB_PASSWORD)           ' +
  '          or die("ERROR: Cannot Connect to $DB_SERVER");                ' +
  '  $db = mssql_select_db($DB_NAME, $cn);                                 ' +
  '                                                                        ' +
  '  if (mssql_query("SELECT 1 FROM APPS WHERE SSN=\''+ssn+'\'", $cn)) ' +
  '  { $ins = false; }                                                     ' +
  '  else                                                                  ' +
  '  { $ins = true; }                                                      ' +
  '                                                                        ' +
  '  if ($ins) {                                                           ' +
  '    $sql = "INSERT INTO APPS (FIRSTNM, LASTNM, ..., OFFERCD) VALUES ("; ' +
  '    $sql+= "\''+firstName+'\',";                                        ' +
  '    $sql+= "\''+lastName+'\',";                                         ' +
  '    $sql+= "\''+offerCode+'\')";                                        ' +
  '                                                                        ' +
  '  /* ... */                                                             ' +
  '                                                                        ' +
  '  mssql_query($sql, $cn);                                               ' +
  '  mssql_close($cn);                                                     ';

  execPhp(code);
}

I wonder who’d kill whom if someone saves the HTML code and changes $sql to DELETE FROM APPS.
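For contrast, the server-side design the snippet should have used, as an added example that is not from the original post or from The Daily WTF: the browser submits only form fields, never PHP source, and every query is a prepared statement so the values never become part of the SQL text. The APPS table and column names follow the snippet; the pdo_sqlsrv driver, the $DB_* placeholders, the SSN format and the saveApplication() helper are assumptions.

```php
<?php
// Added example, not the original post's code. Replaces the execPhp() design:
// the client POSTs plain fields, all SQL lives here, nothing sent by the
// client is executed. Assumes the APPS table from the snippet and pdo_sqlsrv.
$DB_SERVER   = 'db.example.internal';  // placeholder configuration
$DB_NAME     = 'apps';
$DB_USERNAME = 'app_user';
$DB_PASSWORD = 'REPLACE_ME';

function saveApplication(PDO $pdo, string $ssn, string $firstName,
                         string $lastName, string $offerCode): bool
{
    // Parameterised existence check: $ssn is bound, never concatenated.
    $check = $pdo->prepare('SELECT 1 FROM APPS WHERE SSN = ?');
    $check->execute([$ssn]);
    if ($check->fetchColumn() !== false) {
        return false;                    // already present, nothing inserted
    }
    $ins = $pdo->prepare(
        'INSERT INTO APPS (SSN, FIRSTNM, LASTNM, OFFERCD) VALUES (?, ?, ?, ?)'
    );
    $ins->execute([$ssn, $firstName, $lastName, $offerCode]);
    return true;
}

// Accept only the expected fields, as strings (assumed field names).
$ssn       = (string) (filter_input(INPUT_POST, 'ssn') ?? '');
$firstName = (string) (filter_input(INPUT_POST, 'txtFirstName') ?? '');
$lastName  = (string) (filter_input(INPUT_POST, 'txtLastName') ?? '');
$offerCode = (string) (filter_input(INPUT_POST, 'txtOfferCode') ?? '');

// Shape check before touching the database (assumed SSN format).
if (!preg_match('/^\d{3}-\d{2}-\d{4}$/', $ssn)) {
    http_response_code(400);
    exit('invalid ssn');
}

$pdo = new PDO("sqlsrv:Server=$DB_SERVER;Database=$DB_NAME",
               $DB_USERNAME, $DB_PASSWORD,
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

echo saveApplication($pdo, $ssn, $firstName, $lastName, $offerCode)
    ? 'saved' : 'already on file';
```

With this layout the client-side escapeSql() of the original becomes unnecessary: the database driver handles quoting, and a user who edits the saved HTML can only change their own form values, not the statements the server runs.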

Via Client-side PHP


3 Responses to “The daily WTF Greatest Hits II”

  2. Raphink says:

    Wow that is really stupid indeed!
    Would be faster to just print the db url, user, and passwd on the website if this guy wants his db to be borked :D

  3. DidieR says:

    Ooh… “Great minds think alike”…

    In fact, this is pretty stupid. I don’t hack much, but I can see that this is stupid…
