Skip navigation.
Home

Holy SQL Batman!

Bad Architecture

Thanks to Alex @ The Daily WTF for forwarding this to me. This little chunk of code comes from a home made discussion forum. Too bad I didn't get this before Halloween because it's high on the scary factor.

There's nothing like doing 35 string operations in a SQL query to make sure your database server isn't slacking off.

<?php
function Odcesti($slovo,$nazevsloupce)
{

$exp = explode(" ", strtolower($slovo));
$query = implode("%", $exp);

$query=StrTr($query,
"\xC1\xC8\xCF\xC9\xCC\xCD\xBC\xD2\xD3\xD4\xD8\x8A".
"\x8D\xDA\xD9\xDD\x8E\xE1\xE8\xEF\xE9\xEC\xED".
"\xBE\xF2\xF4\xF3\xF8\x9A\x9D\xFA\xF9\xFD\x9E",
"acdeeilnoorstuuyzacdeeilnoorstuuyz");

return
" LOWER(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE( REPLACE(
REPLACE( REPLACE( REPLACE( REPLACE( REPLACE($nazevsloupce,
'\xC1','a'),'\xC8','c'),'\xCF','d'),'\xC9','e'),'\xCC','e'),
'\xCD','i'),'\xBC','l'),'\xD2','n'),'\xD3','o'),'\xD4','o'),
'\xD8','r'),'\x8A','s'),'\x8D','t'),'\xDA','u'),'\xD9','u'),
'\xDD','y'),'\x8E','z'),'\xE1','a'),'\xE8','c'),'\xEF','d'),
'\xE9','e'),'\xEC','e'),'\xED','i'),'\xBE','l'),'\xF2','n'),
'\xF4','o'),'\xF3','o'),'\xF8','r'),'\x9A','s'),'\x9D','t'),
'\xFA','u'),'\xF9','u'),'\xFD','y'),'\x9E','z')) like '%$query%'"
;
}
?>

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

This, ladies and gentlemen, is the very definition of WTF.

for the first time... i thought this will be some stuff that will be sent directly to the database server to make sure your database server isn't slacking off

but for a second thought, and when i've read the lead not only the code, i see the real wtf ... funny and ugly

I like how the character translations are hidden behind hex code, just to make sure you have no idea exactly which characters are being referenced. (Maybe it's really a rot13 gag!)

Yeaah ...
Looks like that WTF is written by a russian coder, becouse i tried to print thouse characters in a php script and most of them did look like cyrilic characters and the name of one of the variable names in russian means "word".

It's in Czech. "odcesti()" means something similar to "depath()", "slovo" is in fact "word" (Slavonic language..) and "nazevsloupce" is "columnname".

Doesn't really help much to understand it though..

martin: odcesti->odčešti :e))
the "odcesti" means "unczech"...

what this code does, is to remove diacritics (signs above letters in czech) in the query word, and tests the "unczeched" word against similarly unczeched word in the database.

those hex codes mean letters with diacritics
i'll try to show, but i'm unsure about how this will be displayed... submitting those in utf-8 so switch your charset:
á -> a
č -> c
ě -> e
é -> e
ň -> n
ř -> r
ů -> u
and so on and so on.

the way to do this properly ... well, not to do it at all. either strip diacritics before insertion into db, or use consistent character set and search without translation.
or is there something like strtr for a database?

Post new comment




*

  • Web and e-mail addresses are automatically converted into links.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <p> <br /> <br>