Skip navigation.
Home
The PHP WTF
Home

Holy SQL Batman!

Submitted by phrax on Mon, 2004-11-01 15:16. Bad Architecture

Thanks to Alex @ The Daily WTF for forwarding this to me. This little chunk of code comes from a home made discussion forum. Too bad I didn't get this before Halloween because it's high on the scary factor.

There's nothing like doing 35 string operations in a SQL query to make sure your database server isn't slacking off.

<?php
function Odcesti($slovo,$nazevsloupce)
{

$exp = explode(" ", strtolower($slovo));
$query = implode("%", $exp);

$query=StrTr($query,
"\xC1\xC8\xCF\xC9\xCC\xCD\xBC\xD2\xD3\xD4\xD8\x8A".
"\x8D\xDA\xD9\xDD\x8E\xE1\xE8\xEF\xE9\xEC\xED".
"\xBE\xF2\xF4\xF3\xF8\x9A\x9D\xFA\xF9\xFD\x9E",
"acdeeilnoorstuuyzacdeeilnoorstuuyz");

return " LOWER(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE($nazevsloupce,
'\xC1','a'),'\xC8','c'),'\xCF','d'),'\xC9','e'),'\xCC','e'),
'\xCD','i'),'\xBC','l'),'\xD2','n'),'\xD3','o'),'\xD4','o'),
'\xD8','r'),'\x8A','s'),'\x8D','t'),'\xDA','u'),'\xD9','u'),
'\xDD','y'),'\x8E','z'),'\xE1','a'),'\xE8','c'),'\xEF','d'),
'\xE9','e'),'\xEC','e'),'\xED','i'),'\xBE','l'),'\xF2','n'),
'\xF4','o'),'\xF3','o'),'\xF8','r'),'\x9A','s'),'\x9D','t'),
'\xFA','u'),'\xF9','u'),'\xFD','y'),'\x9E','z')) like '%$query%'";
}
?>

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Submitted by Charles (not verified) on Mon, 2004-11-01 11:43.
This, ladies and gentlemen, is the very definition of WTF.
» reply

Submitted by bbalint (not verified) on Mon, 2004-11-01 13:54.

for the first time... i thought this will be some stuff that will be sent directly to the database server to make sure your database server isn't slacking off

but for a second thought, and when i've read the lead not only the code, i see the real wtf ... funny and ugly

» reply

Submitted by foxyshadis (not verified) on Mon, 2004-11-01 21:53.
I like how the character translations are hidden behind hex code, just to make sure you have no idea exactly which characters are being referenced. (Maybe it's really a rot13 gag!)
» reply

Submitted by The_REX (not verified) on Tue, 2004-11-02 01:04.
Yeaah ...
Looks like that WTF is written by a russian coder, becouse i tried to print thouse characters in a php script and most of them did look like cyrilic characters and the name of one of the variable names in russian means "word".
» reply

Submitted by Martin (not verified) on Tue, 2004-11-02 01:43.
It's in Czech. "odcesti()" means something similar to "depath()", "slovo" is in fact "word" (Slavonic language..) and "nazevsloupce" is "columnname".

Doesn't really help much to understand it though..
» reply

Submitted by matejcik (not verified) on Tue, 2004-11-02 04:46.
martin: odcesti->odčešti :e))
the "odcesti" means "unczech"...

what this code does, is to remove diacritics (signs above letters in czech) in the query word, and tests the "unczeched" word against similarly unczeched word in the database.

those hex codes mean letters with diacritics
i'll try to show, but i'm unsure about how this will be displayed... submitting those in utf-8 so switch your charset:
á -> a
č -> c
ě -> e
é -> e
ň -> n
ř -> r
ů -> u
and so on and so on.

the way to do this properly ... well, not to do it at all. either strip diacritics before insertion into db, or use consistent character set and search without translation.
or is there something like strtr for a database?
» reply

Post new comment




*

  • Web and e-mail addresses are automatically converted into links.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <p> <br /> <br>
More information about formatting options