Working with legacy applications

Whether you're a newbie or an experienced programmer, any questions, help, or just talk of any language will be welcomed here.

Moderator: Coders of Rage

dandymcgee
ES Beta Backer
Posts: 4709
Joined: Tue Apr 29, 2008 3:24 pm
Current Project: https://github.com/dbechrd/RicoTech
Favorite Gaming Platforms: NES, Sega Genesis, PS2, PC
Programming Language of Choice: C
Location: San Francisco

Working with legacy applications

Post by dandymcgee »

//UNSAFE (String Concatenation) query.  Necessary for backward compatibility with the old system
//which stores the query and uses it while querying the ticket list
//Warning: Dynamic queries are UNSAFE and prone to SQL injection!! This should really be fixed..
//==========================================================
query += value;
//==========================================================

//SAFE (Parameterized) query not used due to compatibility issues :(
//==========================================================
//query += "@Value" + row.Index;   // one distinct parameter name per grid row (@Value0, @Value1, ...)

//SqlParameter param = new SqlParameter();
//param.ParameterName = "@Value" + row.Index;
//param.Value = value;             // assign the term to the parameter (not +=, which would concatenate onto it)
//cmd.Parameters.Add(param);
//==========================================================
Anyone else ever had to painfully write code against all better judgement due to limitations of legacy code? It's a terrible feeling.
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:
MarauderIIC
Respected Programmer
Posts: 3406
Joined: Sat Jul 10, 2004 3:05 pm
Location: Maryland, USA

Re: Working with legacy applications

Post by MarauderIIC »

Yes. At least check to see if it's a digit :(
I realized the moment I fell into the fissure that the book would not be destroyed as I had planned.
dandymcgee

Re: Working with legacy applications

Post by dandymcgee »

MarauderIIC wrote:Yes. At least check to see if it's a digit :(
The values aren't digits though, they're arbitrary filter terms. I'm going to at least prevent single quotes and double dashes though. This is an internal app, so SQL injection isn't a huge deal as long as it's not easy to do accidentally.
MarauderIIC

Re: Working with legacy applications

Post by MarauderIIC »

Oh, I wasn't paying attention. Was seeing "+ row.Index" and thought it was a digit, now I see you're modifying the variable name in the safe version.
dandymcgee

Re: Working with legacy applications

Post by dandymcgee »

MarauderIIC wrote:Oh, I wasn't paying attention. Was seeing "+ row.Index" and thought it was a digit, now I see you're modifying the variable name in the safe version.
Yeah it's a bit out of context, this code is in a loop that iterates through the row collection of a UI grid of user-defined expressions in order to build a filter query.
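The two filter builders discussed in this thread (the `query += value` concatenation from the first post and the commented-out one-parameter-per-row-index version), reproduced as an added example that is not part of the original posts or the poster's application. It uses Python's standard-library SQLite instead of SQL Server so it runs offline; the ticket table, its rows, the `(column, term)` shape of each grid row and the column allowlist are constructed assumptions for the example, not details from the original code. The last two calls show what the "strip single quotes and double dashes" mitigation from the thread does to a legitimate search term.

```python
import sqlite3

# Added example, not the original poster's code. Schema, sample rows, the
# (column, term) shape of a grid row and ALLOWED_COLUMNS are assumptions.

# Column names are identifiers and cannot be bound as parameters, so the
# safe builder only accepts columns from this allowlist (an addition here).
ALLOWED_COLUMNS = {"title", "owner"}


def make_db():
    """Constructed ticket table with a few sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO tickets (title, owner) VALUES (?, ?)",
        [("Login page broken", "alice"),
         ("Report export slow", "bob"),
         ("Fix O'Brien account", "carol")],
    )
    return conn


def build_unsafe(rows):
    """Mirrors the thread's `query += value`: each term is spliced into a quoted LIKE pattern."""
    query = "SELECT id FROM tickets WHERE 1=1"
    for column, term in rows:
        query += f" AND {column} LIKE '%{term}%'"
    return query, {}


def build_safe(rows):
    """Mirrors the commented-out version: one named parameter per row index.

    SQLite spells the placeholder :Value0; SQL Server would use @Value0 and
    '%' + @Value0 + '%' for the pattern concatenation.
    """
    query = "SELECT id FROM tickets WHERE 1=1"
    params = {}
    for index, (column, term) in enumerate(rows):
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed in filter: {column!r}")
        name = f"Value{index}"
        query += f" AND {column} LIKE '%' || :{name} || '%'"
        params[name] = term          # the term never touches the SQL text
    return query, params


def strip_blocklist(term):
    """The mitigation proposed in the thread: drop single quotes and double dashes."""
    return term.replace("'", "").replace("--", "")


def run(conn, builder, rows):
    """Build the filter with the given builder, execute it and return the matching ids."""
    query, params = builder(rows)
    return sorted(row[0] for row in conn.execute(query, params))


if __name__ == "__main__":
    conn = make_db()
    print(run(conn, build_unsafe, [("title", "export")]))                     # [2]
    print(run(conn, build_unsafe, [("title", "' OR 1=1 --")]))                # [1, 2, 3]: injected
    print(run(conn, build_safe, [("title", "' OR 1=1 --")]))                  # []: treated as text
    print(run(conn, build_unsafe, [("title", strip_blocklist("O'Brien"))]))   # []: legitimate term mangled
    print(run(conn, build_safe, [("title", "O'Brien")]))                      # [3]
```

Two things worth noticing: the injected term turns the concatenated query into `... AND title LIKE '%' OR 1=1 --%'`, which returns every ticket, while the parameterized builder returns nothing because it looks for that literal string in the title. And the blocklist is not free: a user searching for O'Brien silently gets a search for OBrien, whereas the parameterized version handles the apostrophe as data.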