CodeSOD: Nothing Wagered, Nothing Errored

Cassi continues the fight against ancient, creaky PHP code.

Today, it's particularly ancient- according to source control, it predates PHP 5.0 (and thus structured exceptions, and in this case may predate the current century). So the fact that this sets a pass-by-reference $errMsg variable and returns false on an error isn't the WTF in the code.

$infoPtr->mysqlName = $row["mysqlName"]; if (!$infoPtr->mysqlName) { $errMsg = "No table named \"" . $infoPtr->mysqlName ."\""; return(false); }

The surrounding code supports dynamically generating queries (through string concatenation, naturally), but does its best to do some validation of those inputs. For example, it attempts to confirm that the table we're about to query exists in the database.

So we read the data out of the $row in the database, and if the resulting value is false-y (we'd expect it to be empty), we want to generate an error message… using that empty value. So no matter the inputs, the output would be No table named "".

This code is as it was when first added to source control. There have been no modifications, which means this has never correctly generated output. The weird irony of this is that the only way the error would say anything else is if you had a table named false, which is also a case where you shouldn't have an error to begin with.

Cassi is refactoring this code to add actual exceptions and clean up these mistakes, but this has been in the code base for longer than most of our careers.

[Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today!

This post originally appeared on The Daily WTF.

Leave a Reply

Your email address will not be published. Required fields are marked *