this post was submitted on 19 Jul 2023
409 points (97.2% liked)

Programmer Humor

all 11 comments
[–] z3n0x@feddit.de 52 points 1 year ago (1 children)

Sometimes you know before opening the comments what the top one will be

[–] PriorProject@lemmy.world 50 points 1 year ago

I thought that was the first rule of rendering web content? Or was it protocol parsers?

I remember, it was first rule of video game character creation screens:

choose wisely: wisely

[–] galaxies_collide@lemmy.world 27 points 1 year ago

Second rule of SQL: Never trust user input. Third rule of SQL: Never trust user input.

[–] TheSaneWriter@lemmy.thesanewriter.com 22 points 1 year ago (1 children)

Honestly, this is a good rule for programming in general. With user input, make sure it's in its own area where it can't interact with anything else and make sure to read and process in such a way that it can't fuck with the operation of the program.

[–] kevincox@lemmy.ml 3 points 1 year ago

It should be the first rule of building any formatted string. I see code daily building HTML, JSON, CSS, CSV, shell scripts or whatever just by bashing strings together. If you are lucky they do some form of escaping most of the time.

Really we should get in the habit of using proper encoders. Don't think of these types as just strings you can substitute into; use some library that will actually write these things properly. Thankfully JS has JSON.stringify and good object literals so at least you don't see shitty JSON encoding often (just sometimes when embedded in HTML). I wonder if adding string interpolation was a mistake. It makes it so easy to do the wrong thing. Of course there are cases where you want to format `Hello ${user.name}` or other human readable strings. But more often than not I see it being used incorrectly.
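
The following is an added example, not part of the comment above or of the original thread: one encoder per output format (HTML text, JSON embedded in a `<script>` block, CSV, POSIX shell) next to the string-interpolation version. All function names and the sample input are constructed for illustration.

```javascript
// Constructed input: quotes, a comma, markup and a closing script tag in one value.
const SAMPLE_NAME = `Bobby "Tables" </script><b>O'Neil, Jr.`;

// HTML text or attribute value: encode the five characters that can change markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function htmlText(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// JSON inside an HTML <script> block: JSON.stringify alone leaves "</script>"
// intact, so the characters the HTML parser reacts to become \uXXXX escapes.
// The result is still valid JSON and parses back to the same value.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

// CSV field (RFC 4180): quote a field holding a comma, quote, CR or LF,
// and double any embedded quotes.
function csvField(value) {
  const s = String(value);
  return /[",\r\n]/.test(s) ? '"' + s.replace(/"/g, '""') + '"' : s;
}
function csvRow(fields) {
  return fields.map(csvField).join(',');
}

// POSIX shell word: wrap in single quotes, rewrite each embedded ' as '\''.
function shellWord(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Interpolated and encoded output side by side for the same input.
function compare(name) {
  return {
    interpolatedScript: `<script>var u = {"name":"${name}"};</script>`,
    encodedScript: `<script>var u = ${jsonForScript({ name })};</script>`,
    interpolatedCsv: `1,${name}`,
    encodedCsv: csvRow([1, name]),
    encodedHtml: `<p>Hello ${htmlText(name)}</p>`,
    encodedShell: `printf '%s\\n' ${shellWord(name)}`,
  };
}

console.log(compare(SAMPLE_NAME));
```

The interpolated CSV row splits into three columns instead of two, and the interpolated script block is closed early by the value itself; the encoded versions keep the value as data in each format.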

[–] howdy@thesimplecorner.org 13 points 1 year ago (1 children)
[–] Evil_Shrubbery@lemmy.zip 6 points 1 year ago

I also satanise every input I can, as an extra level of security.

[–] CIA_chatbot@lemmy.world 11 points 1 year ago

Ahh yes, the Little Bobby Tables rule

[–] Evil_Shrubbery@lemmy.zip 7 points 1 year ago

All your base are drop to us!