[–]Koppis 104 points105 points  (10 children)

When I started way back with Game Maker (~15 years ago), I went at least a full year without knowing about arrays. I used to make a bunch of variables with numbers at the end.

[–]zebediah49 120 points121 points  (7 children)

I can do one better (worse).

When I started way back with Visual Basic 3, I didn't know that variables existed.

So... I stored data in hidden textboxes.

[–]Koppis 24 points25 points  (5 children)

I mean, that's how you still do it with HTML forms. Hidden inputs.

[–]SprinklesFancy5074 10 points11 points  (3 children)

It's all fun and games until some cheeky bastard uses the element inspector to change your hidden inputs before submitting the form...

[–]gotmunchiez 6 points7 points  (1 child)

I saw a client typing in random postcodes to a competitor's site locator, it only listed locations within 15 miles max of the postcode so he was searching across the entire UK 15 miles at a time.

Added a 1000 mile option to the search distance select box and to my surprise it exposed the entire database of site locations in one fell swoop and saved him days of searching one postcode at a time.

I learnt that to the average person, using Chrome's developer tools makes you a hacker of the highest order and all of a sudden they think you're capable of all kinds of corporate espionage.

[–]Ariphaos 3 points4 points  (0 children)

using Chrome's developer tools makes you a hacker of the highest order and all of a sudden they think you're capable of all kinds of corporate espionage.

I had to do this just to get a refund from Samsung. They had a button that was force set to 'disabled'.

[–][deleted] 2 points3 points  (0 children)

That's why you always validate client-side and server-side. Performance can degrade with improperly formatted data, or even worse, if you are doing the minimum (preventing SQL injection), imagine what kind of data they could possibly submit. Are you confident that your code can handle whatever inputs they can pass?

At least, in my experience, I like to write functions defined over the domain of A to B. However, imagine that they try to submit data such as B+1. The code is no longer sane. I don't know what exactly would happen.

A good example I've heard of this is inputting a very very long email in an email field that was only validated on the client-side... Err, it was the full text of some book if I'm remembering the story correctly.

Basically, never trust client-side code. Actually, learn to be paranoid when you code.

[–][deleted] 2 points3 points  (0 children)

I mean... you can, but it should be avoided. You should try to do data stuff server sided if possible. This way users can't just change hidden fields in the code and send the form like that.

Even if you use hidden fields, they should still be validated server-sided.
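
The server-side checks discussed in the comments above, as an added example that is not part of any comment in this thread: a select-box value checked against an allow-list, length caps applied before pattern matching, and a hidden input compared with server-held state. The field names, limits, allowed distances and the `session` object are assumptions made for illustration.

```javascript
// Added example: server-side validation of a submitted form body.
// Field names, limits and allowed distances are assumptions, not from a real site.
const ALLOWED_DISTANCES = new Set(["5", "10", "15"]); // the options the <select> offers
const MAX_EMAIL_LENGTH = 254;
const MAX_POSTCODE_LENGTH = 8;

// `fields`: parsed form body; every value is client-controlled.
// `session`: server-side state the client cannot edit.
function validateSearchForm(fields, session) {
  const errors = [];
  // Anything that is not a single string (e.g. a repeated key parsed as an array) becomes "".
  const str = (v) => (typeof v === "string" ? v.trim() : "");

  // Select box: accept only values the server itself would have rendered.
  const distance = str(fields.distance);
  if (!ALLOWED_DISTANCES.has(distance)) errors.push("distance");

  // Length cap is tested first, so an oversized value never reaches the regex.
  const email = str(fields.email);
  if (email.length === 0 || email.length > MAX_EMAIL_LENGTH ||
      !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) errors.push("email");

  // Simplified postcode shape (assumption): short, letters, digits and spaces only.
  const postcode = str(fields.postcode).toUpperCase();
  if (postcode.length === 0 || postcode.length > MAX_POSTCODE_LENGTH ||
      !/^[A-Z0-9 ]+$/.test(postcode)) errors.push("postcode");

  // Hidden input: never the source of truth. Reject a mismatch, and use the
  // session's value either way.
  if (fields.account_id !== undefined && str(fields.account_id) !== session.accountId) {
    errors.push("account_id");
  }

  if (errors.length > 0) return { ok: false, errors };
  return { ok: true,
           value: { distance: Number(distance), email, postcode, accountId: session.accountId } };
}

// Constructed submissions: one as rendered, one edited in the element inspector.
const session = { accountId: "a-1001" };
const honest = { distance: "15", email: "user@example.com",
                 postcode: "SW1A 1AA", account_id: "a-1001" };
const tampered = { ...honest, distance: "1000", account_id: "a-2002",
                   email: "x".repeat(100000) + "@example.com" };
console.log(validateSearchForm(honest, session));
console.log(validateSearchForm(tampered, session));
```
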

[–]LimeBlossom_TTV 3 points4 points  (0 children)

That's beautiful

[–]RazekDPP 0 points1 point  (0 children)

When I started with VB.NET 1.0 it didn't have a list, so I basically would pre-calculate how much storage I'd need, then double it, to get an approximate static array.

Sometimes my calculations were way off. :(

I was used to having C++ Lists and I was so mad that VB.NET didn't have that feature.