You can't imagine how many lines of pure and utter horseshit, seemingly written in PHP, I had to dig through this whole weekend. (relating to my 2 previous rants)

How is it even possible to write code this unbelievably ugly?

Examples:
- includes within loops
- included files use variables from parent files
- start- and endtags separated to different files
- SQL queries generated by string concatenation, no safety measures at all (injection)
- repeating DB calls within loops
- multiple directories with the same code (~40 files), only different by ~8 lines, copied
- a mixture of <?php echo ... ?> and <?= ... ?>
- a LOT of array accesses and other stuff prefixed with "@" (suppress error messages)
- passwords in cleartext
- random non-RESTful page changes with a mixture of POST and GET
- GET parameters not URL-encoded
- ...

My boss told me it took this guy weeks and weeks of coding to write this tool (he's an "experienced dev", of course WITHOUT Git).

Guess what?
It took me only 20 hours and about 700 lines of code.

I must confess, since this task, I don't hate PHP anymore, I just simply hate this dev to death.

Addendum: It's Monday, 5:30am. Good night. 😉

String concatenation in PHP is the 'dumb'.'est';

SQL Queries built up using string concatenation.

Death is too kind.

1.5 million lines of undocumented spaghetti code. Think 500~1000 lines functions, 5k+ lines classes, string html concatenation. You name it, it had it. And complete unwillingness to improve it by the company. I eventually quit after considering doing it about 2, 3 times.

Php code without any class. Every page is a separate php file in project root folder.

Everything is all over the place, code repetition is everywhere.

The worst part? No security. The sql calls are with mysql_ functions and string concatenation. Files are just uploaded without checking.

And I had to repair it.

Ahhh yes Prof, because I really want to be doing more work than I need to be...

// Tedious string concatenation.
System.out.println("a: " + a + " b: " + b);

// Output using string formatting.
System.out.printf("a: %d b: %d\n", a, b);

But, hey that's just my opinion.

I worked with a developer for months. He was senior to me; on more money than me and had way more experience. I spent at least 25% of my time explaining the most basic stuff to him. Things like 'no, that's not how a cache works', 'no, you shouldnt be doing string concatenation inside a loop', 'no you've completely written the wrong thing because you didn't listen'

When he left, he claimed to have finished off a feature for our application. We dove into it, rewrote it, made it more efficient, the code cleaner, the documentation more succinct and the logic more obvious. When I say we, I mean me and a student, and by me and a student, I mean the student with some very light prodding from me.

Am currently at a jamboree where one kid said he was really good at maths. Then another younger kid asked him what 12 + 12. The first kid then said 24 to which the second kid laughed and said "twelvetwelve". Then the small kid promptly ran away yelling "catch me catch me".

They really do say the darnest things, but concatenation was unexpected :v

Best debugging trick ever:

Wear your fucking glasses while coding so that you do not mistake COMMA(,) with a DOT (.).

So by
1. Doing that (which obviously aren't a huge number) and
2. Cleaning my screen (yes that).

I was able to wrap my head around the issue that almost wasted one day.
So what I intended to pass as string concatenation join operation value actually was being passed as an argument to the underlying function (that wasn't taking care of it and returning a timestamp from thin air).

Murphy's Law in production and practice.
Nice!

Depressing music continues......!

Today's rant: JavaScript's type system.

I realized halfway through that I can't happily call JavaScript a "programming language" so just assume
alias programming="scripting"

I'm sure it's not actually as frustrating as it seems to me. Thing is, I'm used to either statically-typed languages or dynamically-typed languages that actually make sense. If I were to try to add an integer to something I'd forgotten was a string in Python, it'd immediately tell me "look, buddy, do you want me to treat this as a concatenation or an addition? I have no idea the way you've got this written." I've found that mistakes are a common thing with dynamic typing. Maybe I'm just not experienced enough yet, maybe it's really as stupid as it looks. JavaScript just goes "hey look I'm gonna tack all of these guys together and make a weird franken-string like '$NaN34.$&' because that's absolutely what we want here!" Then I run my webpage and instead of a nice numeric total like I wanted, good old JavaScript just went "Yep, I have no idea what I'm doing here I'm just gonna drop this here and pretend it's right." Now absolutely I do not expect my programming language to make correct assumptions and read my mind, otherwise JavaScript would be programming me and not the other way around. But it could at least let me know that I had incompatible types going on rather than just shamelessly going along with what it's doing. Good GRIEF, man, some of the idiosyncrasies of the EMCAScript language definition itself just make me want to punch a horse.

Who the hell returns a SOAP response with a CDATA node containing a text string that is a concatenation of XML document?

Someone hates me...

I thought I'd seen the worst possible code.
Until I saw this stored procedure. It was forming a string of JSON by concatenation of double quotes and queries in between.
No wonder it took upwards of 200 seconds to insert just one record.

My god, I just had to use a very ugly hack involving HTML generation via string concatenation, passing a function as a parameter and closures.

Now I appreciate languages that achieve such things naturally even more.

When rookies start learning new ways to format Python strings...

String concatenation using + instead of StringBuilder....
Using prototype objects instead of singleton wherever required..

Just sat through a demo of some clicky-draggy data visualisation stuff.

The guy showed us how you can write a custom script that takes a user input and pokes it into a sql command using string concatenation, so a very obvious injection vulnerability.

Ok, so it's only a demo. But you wouldn't do a demo with an example user called Captain Cock, so why do a demo with a screamingly obvious security hole?

Whole thing was basically pivot tables in a short skirt anyway.