This was during a C programming class, someone wrote that code to 'use' a null terminated string. Both me and the teacher spent quite a while staring at it, trying to 'guess' why it crashes.
void use_str(const char * str)
//do something with char in *str
Also, a nice attempt to hardcode the password in php that someone I know did on their personal filesharing website (I'm not good with PHP, so this code might be wrong, but you get the idea ).
if ($pass === "password1" || "password2")
Ah that zero terminated string thing must have been crashing bad unless you sent NULL to it...
The PHP code example, I believe is more common that you would like to know. Seems like perfectly legal PHP to me, but I assume the point is that you should never put your password in clear text in the source file?
It has been a while since I have touched PHP now, but I used to do a trick like this to make sure I had number values from user input fields:
$user_input += 0;
//Then use in an SQL query, safely knowing it can't be escaped...
Not sure if that is still regarded as a safe trick to force number values.
-- Oh, and I actually used the 'eval' function on data that was sent from the user once... Not a good idea unless you really are knowing what you are doing.
I should have written down all the stupid errors I have done during the years, and I would be able to fill a whole book lol...
Edited by aregee, 17 July 2014 - 04:16 AM.