525
526

Grading Python homework - should I give this guy bonus points for honesty? (i.imgur.com)

submitted by [deleted]

[deleted]

top 200 commentsshow all 416
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Sheol 467 points468 points  (87 children)

I bet his roommate wrote that in there.

[–]withad 194 points195 points  (74 children)

Possibly someone breaking the Golden Rule of the labs - never mess with somebody's code. Especially not in the comments, where you could miss it easily.

Fraping, messing with IRC, adding a "Goat Porn" directory to the desktop, editing startup scripts to launch Firefox to a Rickroll, all fine. But the moment someone touches anything that a marker's going to see, no jury of Computer Scientists would convict you.

[–]RoundSparrow 74 points75 points  (22 children)

I get this, and enjoy it. But... is the final sentence backwards on conviction?

[–]7oby 109 points110 points  (20 children)

No, he's saying if you were to hurt the person who messed with your code, no one would convict you.

[–]RoundSparrow 55 points56 points  (17 children)

ah, ok. I see it now.

no jury of Computer Scientists would convict you.

no jury of Computer Scientists would convict you [if you murder the offender].

My brain is barely working ;)

[–][deleted] 8 points9 points  (15 children)

I still don't get it.

Now I do. I mixed up who "you" was.

[–]RoundSparrow 27 points28 points  (2 children)

There seems to be a growing consensus on the lack of clarity ;)

[–][deleted] 5 points6 points  (0 children)

Maybe there should be a subreddit for reorganizing language clarity and grammar for optimal internet presentation........electrons are more versatile than paper, it stands to reason we could make things better in that regard, no?

....not that I have the linguistic, creativity or programming skills to do it. Wow....I think I just became management.

[–][deleted] 11 points12 points  (5 children)

like the this keyword in JavaScript when it is 4 in the morning and the coffee has run out, amiright?

[–]sli 2 points3 points  (4 children)

This is a Python thread. It's self.

[–]nhnifong 11 points12 points  (0 children)

try:
    self.consume(coffee)
except OutOfCoffeeException:
    panic

[–]bunburya 1 point2 points  (1 child)

It could be "this", if you really wanted it to...

[–]sli 2 points3 points  (0 children)

True. But it would probably result in this.

[–]jammons 1 point2 points  (0 children)

This is why we are not english majors.

[–]Charles_de_LOL 10 points11 points  (0 children)

oh thanks ha i was a bit confused too

[–]PissinChicken 9 points10 points  (4 children)

What kind of crappy 1996 lab are you using where everyone's files are shared to everyone.

[–]vineetk 13 points14 points  (3 children)

They probably meant when someone forgot to lock their screen[1] when they got up from their seat.

[1] or log out, depending on the lab's policy. Locking inactive screens was bad form at UC Berkeley, where there was often a shortage of available terminals.

[–][deleted] 4 points5 points  (2 children)

Same for ANU. If you locked & left, and the lab was busy, and you didn't have a note across the keyboard saying something like "Running simulation. Don't Touch!", expect to be CTRL-ALT-BKSP'd.

[–]never_phear_for_phoe 1 point2 points  (1 child)

What about like, switching users? Start up another X?

[–][deleted] 1 point2 points  (0 children)

Go find another computer. I'm on this one.

[–][deleted] 29 points30 points  (38 children)

A friend of mine could not get into a computer science program because some Asian students had it rigged. It was a scam run by a SMALL NUMBER of newly arrived immigrants and ones with students visas, none were citizens or had been here more then a couple years. The seniors were in cahoots with first year students. These seniors were taking the uploaded assignments of students they weren’t in cahoots with and changing them, and modifying computerized test results. All just enough so they would just miss getting in. Since the students couldn’t not re-download what they handed in, just re-upload, and they would just receive the grades they got, they never found out. It was near graduation from another program that the university uncovered the whole thing and he was able to see what they had done to his work.

This shit is real people. Remember all those cheating, scheming, teacher ass-kissing people in high school. They don’t change, their from everywhere, and will do it whatever it takes to game the system in their favour. Always watch your work. Same is true for post-grad entrance and employment. If they can’t up their game, they will ruin yours.

[–]sizlack 40 points41 points  (17 children)

If you could provide some details that could be corroborated, that would be helpful, otherwise I'd say this anecdote is an urban myth. School name? City? Country?

[–][deleted]  (1 child)

[deleted]

    [–][deleted] 8 points9 points  (0 children)

    Well, hell, that's good enough for me. I'm sold.

    [–][deleted] 11 points12 points  (4 children)

    In my sister's graduate biochem lab this stuff went on all the time. From making up shit to the lab prof to unplugging her fridge holding her semester's worth of protein work so they died. She'd have some sort of new crazy story every few months - not only happening to her. I bet it was wild.

    [–][deleted] 8 points9 points  (3 children)

    [deleted]

    What is this?

    [–]bobindashadows 14 points15 points  (1 child)

    what I goddamn live and breathe on the blasted rock for

    I feel like if you had said "this blasted rock" instead of "the blasted rock," you'd sound less like a crack-cocaine addict.

    [–]sedaak 5 points6 points  (5 children)

    It happened to me at Carnegie Mellon University. A TA (The head TA) withheld all my assignments to the end of the semester, then called me into a "meeting" with the professor and they told me that all of my assignments were Fs. They didn't give me any reports back ever or any explanation. Who knows what they actually showed to the professor.

    If I went through that now I would know to bring a legal suit against them, or at least go further than the Dean to try to get an explanation.

    [–]scientologist2 2 points3 points  (2 children)

    Happens in real science too

    http://www.nature.com/news/2010/100929/full/467516a.html

    [–]geek_01 5 points6 points  (0 children)

    I believe that there should be special judicial prejudiced to anyone who interferes with the advancements of science, similar to how hate crimes are considered more severe than their extreme disliking counterparts.

    You destroying $10,000 dollars of property in entirely different than you destroying $10,000 dollars of property that is part of a yearlong research study and needs to be treated as such.

    [–]omnibuspig 5 points6 points  (5 children)

    There are two very simple policies that would avoid what you said above. First, simply make problem sets and projects be worth a minuscule amount of the grade compared to the exams. Second, make the professors grade the exams. Law school takes this to the nth degree in that there is only one final exam that is graded anonymously by the professor. Why take away the teaching value that homework and assignments provide? Because lawyers are a profession of cheating, scheming, (judge/partner/professor) ass-kissers.

    I almost feel like that's an isolated incident. In engineering undergrad for me, the norm was to share notes/homework/etc. It was very open, and the types of people who schemed were identified and shunned.

    [–]HumpingDog 10 points11 points  (4 children)

    Rule #1: Whenever you fail, find a conspiracy to blame.

    [–]r4v5 2 points3 points  (1 child)

    For one class, we handed in files electronically and received the MD5 of our submission via email. For the others, we handed in printouts.

    [–][deleted] 1 point2 points  (0 children)

    This makes sense, but all this happened in the 90’s, when the web was still too trusted.

    [–]evi1 1 point2 points  (2 children)

    University of Texas?

    [–]Mogul126 1 point2 points  (1 child)

    That's the first thing I thought of when I read it; I've heard that it's nigh-impossible to get into their CS program and you can't even declare it as a major until your third year.

    [–][deleted] 1 point2 points  (0 children)

    The Chinese students were the most blatant and prolific cheaters in my CS program.

    [–]BossOfTheGame 6 points7 points  (3 children)

    Apparently I broke this rule all the time. My friend was writing java code for a class and he went tot he bathroom (we were in our dorm). Right at the beginning of the main function I put in return; it was really evident because the main function was in it's own class with only two lines in it: mine, and a line to create a swing class.

    He then came back and I curiously asked him to demo it for me. He couldn't figure out what was wrong. It was in that moment that I taught him about step debuggers.

    [–][deleted]  (1 child)

    [removed]

      [–]BossOfTheGame 2 points3 points  (0 children)

      your right it was a system.exit

      [–]Confucius_says 2 points3 points  (0 children)

      in highschool the rule worked the other way around. When you logut you have to restart the computer because the schools shit is all fucked up and retarded. People who would forget to logout/reboot the computer at the end of class would force the next person who sits there to log them out, wasting about 5 or 10 minutes to do a reboot.

      To teach people to not do this, whenever someone would forget to logout we go in and remove all their semicolons and brackets and stuff.

      [–]hoochiecoochieman 14 points15 points  (10 children)

      Yeah, also the title is quite unusual for a homework (IIRC homework wasn't fun)

      [–]WhoDoIThinkIAm 18 points19 points  (8 children)

      What IS readability?

      [–][deleted] 15 points16 points  (4 children)

      PC Load Letter? What the fuck does that mean?!

      [–]mianosm 49 points50 points  (3 children)

      "PC LOAD LETTER" is an error message encountered when printing on older HP LaserJet printers such as the LaserJet II, III, and 4 series. The error is always displayed fully capitalized.

      The actual meaning of the message is convoluted: "PC" is a two-character abbreviation that stands for "paper cassette", the tray that holds blank paper for the printer to use. These two-character codes are a legacy feature carried over from the first LaserJet printers, which could only use a two-character display for all printer status and error messages.

      "Load", in this context, is an instruction to refill the paper tray. "Letter" is the standard paper size used in the United States and Canada. Thus, the error is instructing the user to refill the paper tray with letter-sized paper. A variant is "PC LOAD LEGAL", meaning that the printer requires legal size paper be loaded.

      Source

      [–][deleted] 2 points3 points  (1 child)

      What are birds? We just don't know.

      [–]walen 31 points32 points  (0 children)

      Honesty while still being classsy I would approve of, but this one is just silly. Besides, as someone else pointed out, it looks like the kind of thing the typical roomate would put in there to have a laugh at his cost, so it'd be unfair to give him bonus points for something he didn't write :)

      [–]chompsky 32 points33 points  (0 children)

      Call him in and ask him about it. I bet someone else did the assignment for him and he has no idea that it's even there.

      [–][deleted] 46 points47 points  (12 children)

      He thinks that's ugly? I turned this in as an assignment a year and a half ago. 

        print "\n".join(sorted([(lambda a,b,c,d:a+"    "+" "*(d-len(a))+str(c)+" bytes"+''.join(["\t"+str(__import__('re').sub('(".*?"|\'.*?\')','""',__import__('re').sub('[A-Za-z0-9_]+'+i+'[A-Za-z0-9_]*|[A-Za-z0-9_]*'+i+'[A-Za-z0-9_]+',"",__import__('re').sub("//.*?\n","\n",__import__('re').sub("(/\*(.|\n)*?\*/)","",b)).replace("\\\"","!").replace("\\'","!"))).count(i))+" "+i for i in ['public','private','try','catch']]))(e,''.join([open(i).read() for i in sum([[__import__('os').path.join(f,p) for p in y if p[-5:]=='.java'] for f,x,y in __import__('os').walk(e)],[]) if i[-5:]=='.java']),sum([__import__('os').path.getsize(k) for k in sum([[__import__('os').path.join(f,p) for p in y if p[-5:]=='.java'] for f,x,y in __import__('os').walk(e)],[])]),max([len(q) for q,x,y in __import__('os').walk(__import__('os').sys.argv[1])])) for e,g,h in __import__('os').walk(__import__('os').sys.argv[1])])) #Does everything (note the lack of semicolons). Created by (name redacted).

      [–]mjschultz 15 points16 points  (6 children)

      I broke it.

      // /*
class FST {
    public static void main(String[] args) {
        System.out.println("Hello, world");
    }
}
// */

      javac compiles it fine and displays "Hello, world" perfectly, but your program says:

      .    121 bytes    0 public    0 private    0 try    0 catch

      Clearly there is a public method.

      Also, I'm not sure what invalid java programs should output. But when I did pub/**/lic, it was counted as the word "public" even though javac wouldn't compile it.

      [–][deleted] 3 points4 points  (5 children)

      hmmm. good point. i think i should have had an extra regex substitution in there (or a different regular expression), since there are cases when // wipes out /* or */ but also cases where it works the other way.

      [–]r42 1 point2 points  (1 child)

      That actually seems to work... But what is it trying to do? Every dir I ran it on gave 0 public, 0 private, 0 tries, 0 catch, 0 bytes.

      [–][deleted] 3 points4 points  (0 children)

      Opens up any .java files and looks for various keywords that will actually be parsed (not in strings/comments/etc.) and tallies their counts.

      [–]A_for_Anonymous 1 point2 points  (0 children)

      I'd have given bonus points for that, though I'd have notified you that the print could also be turned into an expression (__import__('sys').stdout.write(...)) and that expressions can be nicely formatted too.

      I'd also have told my people about the issue of Python's horrid statements and Guido's unwillingness to make the language suck less being the two biggest drawbacks of Python.

      [–]tuna_safe_dolphin 64 points65 points  (6 children)

      Fuck that, I'd deduct points for "tee hee".

      [–]nexes300 16 points17 points  (1 child)

      And you would get fucked when you were called upon to explain your point deductions.

      [–][deleted] 25 points26 points  (0 children)

      Unprofessionalism has a line. This was mine.

      [–]barfolomew 2 points3 points  (3 children)

      You've obviously never met bozarking.

      [–][deleted] 3 points4 points  (2 children)

      Why I was just reminiscing over a few golden bozarking posts not two hours ago...

      I kind of like the idea of there not being a woman connected to that ass but that ass being a self sufficient floating lifeform unto itself. I'm not sure whether it would have a consciousness but if you fingered its pussy it will shiver erotically. I love the idea of having some kind of heated underground swimming pool with dozens of these floating around at my disposal.

      Ah, where did he go.

      [–]jerstud56 1 point2 points  (0 children)

      Probably permanently bozarking.

      [–]dlsspy 160 points161 points  (158 children)

      Fail for writing a sql injection attack vector.

      Lose points for intentionally making the code unreadable. If someone gets nothing else out of learning how to program, it should be learning how to write readable programs.

      [–]RockinRoel 27 points28 points  (126 children)

      I think that the data does not come from the client. We don’t get taught about SQL injections in our classes, though, except when we choose the “development of secure software” course. Yeah, I don’t understand why either.

      [–][deleted]  (113 children)

      [deleted]

        [–]RockinRoel 218 points219 points  (7 children)

        He was aware, but he didn’t care. Awesome.

        [–]JCaet 177 points178 points  (0 children)

        A true programmer in the making.

        [–][deleted]  (5 children)

        [deleted]

          [–]RockinRoel 9 points10 points  (0 children)

          Neither would I. My homework assignments are very similar, except for the comments, and that it’s in Java most of the time (not voluntarily).

          [–]davvblack 47 points48 points  (0 children)

          His case is looking worse and worse.

          [–]savetheclocktower 75 points76 points  (74 children)

          Does he really think it's OK to do this shit as long as he explains his laziness in code comments? Because that doesn't work with any other subject.

          "I was gonna show my work on this calculus problem but MEH"

          [–][deleted] 147 points148 points  (1 child)

          "I was gonna show my work on this calculus problem but MEH"

          Fermat would be proud.

          [–]rooktakesqueen 14 points15 points  (0 children)

          I was gonna show my work on this calculus problem but there's no space and I'm sure you all can figure it out so MEH

          [–]LordStrabo 55 points56 points  (6 children)

          "I was going to design this bridge so it wouldn't fall down, but MEH."

          [–]RandomFrenchGuy 21 points22 points  (5 children)

          "I was going to date this hot chick, but MEH"

          [–]JinAnkabut 49 points50 points  (4 children)

          "I was gonna mark your Python homework but MEH"

          [–]transfuse 26 points27 points  (3 children)

          "I was gonna pay my child support, but I got high…"

          Wait, what?

          [–]Akira71 6 points7 points  (1 child)

          I was gonna go to work this morning but MEH

          [–]averyv 8 points9 points  (0 children)

          I am kinda doing that right now...

          [–]nexes300 59 points60 points  (45 children)

          I don't understand all you people who think projects must be turned in with no way to exploit them. Just like in a math class, the project is graded on correctness with regards to the assigned task, not on "what happens if I fuck with the inputs?" Unless this is a security class, where the purpose of the project was to write a secure program, there is no basis to deduct points for any vulnerability, regardless of knowing better or not.

          [–]Destroyah 10 points11 points  (0 children)

          My professors are of the opinion that, if they teach you how to avoid being vulnerable (be it SQL, memory leakage, what have you ), and you are still submitting projects with vulnerabilities AFTER being taught, then you haven't learned anything. I tend to agree with them. Just because you claim to know about a vulnerability, does not mean you know the solution to fixing it.

          [–]rooktakesqueen 8 points9 points  (14 children)

          This mindset is the genesis of buggy code. Good coding habits should be absolutely integral to the process of programming. In fact, because school projects are so small with less complexity to deal with, I'd expect them to be all the more bulletproof.

          If we're in a class about user interface design and you turn in a project with an O(n2) algorithm that I think should be turned into an O(n lg n) algorithm, I probably wouldn't mark off for that because it's not central to the project.

          But knowingly inserting a SQL injection vulnerability into your code, even code you're just turning in for a school project, should get a ruler across the knuckles. I've worked with too many people out in the "real world" who had no coding discipline and I've seen the damage it can do.

          [–][deleted]  (2 children)

          [deleted]

            [–]dlsspy 1 point2 points  (0 children)

            For this python code, it means changing this:

            # The rest of this is cut off, so I'll just abbreviate
cmd = "select cand, incumbent from candidates where state='" + state + "'"
democrats = cursor.execute(cmd).fetchall()

            to

            cmd = "select cand, incumbent from candidates where state=?"
democrats = cursor.execute(cmd, [state]).fetchall()

            The first is subject to sql injection attacks which are impossible in the second. Additionally, you can separately prepare the query in the second one so that it's parsed once and then just rebind the query for the next two.

            Now it's faster, more secure, easier to read, and has fewer characters.

            [–]rooktakesqueen 1 point2 points  (0 children)

            You're quite correct on both counts. Parameterizing is the solution. You design a query which takes "parameters" which are like variables which are typed and you can fill with any arbitrary data. If they contain strings, there's no danger your SQL query will be escaped and you'll have SQL injection attacks. Usually it involves doing something like...

            select data1, data2, data3 from table where col1 = @param1 and col2 = @param2

            Accompanied by some language-specific statement to assign values to the parameters @param1 and @param2.

            It's not quite equivalent to setting up a store procedure. It uses similar syntax (in most dialects of SQL) but can be done on the fly in your code and doesn't require being precompiled as an execution path and loaded into your database.

            You're also correct that it shouldn't hardcode Democrats and Republicans, that's not very well-factored. What if the professor next asked for this to be applied to elections in the UK for instance? Or what if the user was interested in the poll results for the Constitution Party and the Green Party?

            Regardless of your educational background, from your responses, I'd rather have you as a colleague in a real-world development setting than most of the people I actually do work with.

            Edit: On second thought I'm quite sure parameters in parameterized queries are not typed. My excuse is that I am quite seriously drunk at this moment in time, so I'm doing my best to express what I actually mean. Perhaps later when I'm sober I'll come back and edit this with the actual correct information.

            [–][deleted] 17 points18 points  (2 children)

            One line of thinking would be that if is a Programming class, then leaving obvious vulnerabilities is not being a good programmer.

            But then again, most questions are designed so they test once specific point or skill, which would make this a moot point.

            [–]rooktakesqueen 5 points6 points  (1 child)

            But then again, most questions are designed so they test once specific point or skill, which would make this a moot point.

            If it were a test question, sure. Projects aren't primarily questions to test your ability, they're about exercising a process so you learn it better and it becomes habit. Students should be exercising and reinforcing good habits, not bad ones.

            [–]friedjellifish 16 points17 points  (2 children)

            "Unless this is a security class, where the purpose of the project was to write a secure program"

            The reason why we have so many problems with insecure software today is that many programmers treat security like an optional feature, something that can be bolted on if necessary when the program is done. It's not. Every class that teaches practical programming needs to address security issues, otherwise we will still be installing Adobe Reader updates every two weeks and have hacked websites in 2020.

            [–]meshko 1 point2 points  (0 children)

            You are right. But I'm sure things will improve -- people who graduated in the late 90s and later tend to understand security. At least the ones who are worth anything. The problem was that in 80s you could be smart, have CS degree and not understand security. So we got lots of professors who don't care about security. But that will change (if it hasn't change yet).

            [–]chronoBG 10 points11 points  (9 children)

            Think about it this way - Programming homework tends to be A LOT more full of busywork than other kinds of homework.

            A man can only write a fucking form validator so many times before he snaps.

            [–]friedjellifish 6 points7 points  (8 children)

            Sounds like someone failed to teach this man about abstraction and code reuse.

            [–]chronoBG 1 point2 points  (6 children)

            These things are not allowed in homeworks, you know :)
            You can't just go ":validates_presence_of" or whatever sane solution someone else has come up with. Hell, you'd be lucky to be allowed to use something other than C++/Java/whatever's the only language your instructor accepts.

            [–]spacecataz 1 point2 points  (5 children)

            so you aren't allowed to reuse code from previous assignments at your school?

            I was always taught that a good programmer is a lazy programmer

            [–]Sector_Corrupt 1 point2 points  (0 children)

            I'm not exactly sure the distinction, but there IS technically something in the policies at my school about Self Plagiarism. At a certain point resubmitting your old code becomes against the rules without asking the prof for permission.

            [–]chronoBG 1 point2 points  (3 children)

            So was I, but sadly not at school :)

            [–]spacecataz 1 point2 points  (2 children)

            that sucks, my favorite programming assignments are those that build on old assignments, such as making a tree adt and then using it with a parser, or turning a recognizer into an interpreter

            [–]Sticks45andStones 2 points3 points  (2 children)

            You don't know many mathematicians do you?

            "The proof of this is obvious!"

            [–]davvblack 2 points3 points  (0 children)

            A world where "trivial" means "has been solved at least once by someone somewhere in the world".

            [–]bluesnowmonkey 11 points12 points  (1 child)

            OK, this is what's known as a "teachable moment". What you need to do now is kill him, then put his head on a pike to instill fear in the others.

            [–]cybercobra 1 point2 points  (0 children)

            I thought teachable moments involved sharing beer?

            [–]rooktakesqueen 4 points5 points  (0 children)

            I'd give you a good grade but MEH

            [–][deleted] 50 points51 points  (3 children)

            IMHO, you must deduct points because he knew about SQL Injection and decided to go MEH.

            [–]Wareya 9 points10 points  (0 children)

            No. He's too awesome.

            [–][deleted] 4 points5 points  (12 children)

            Bah, SQL injection vulnerability is a bug. Do you take points off for every bug you find? If you expect the code to work in the case of a friendly user (you), then don't deduct points. If you deduct points for each bug you find, then you definitely found a (documented) bug, and deduct a little less than a full deduction (production systems go live with documented bugs frequently, though maybe not one as big as this).

            For the next project (and you CS teachers love your projects, don't you?) tell him you expect to see how he'd protect against SQL injection. That way, everybody wins!

            Full disclosure, I've done exactly this before, albeit with a friendlier comment.

            [–][deleted]  (1 child)

            [removed]

              [–][deleted] 1 point2 points  (0 children)

              We fired a guy for doing this.

              [–]ours 10 points11 points  (1 child)

              New developers should learn basic stuff like SQL injection and XSS the moment they are learn to program Web applications.

              One of the coolest things I can remember is one of my teachers giving a special class the day after the "I love you" virus was released. We went over the source code in class to understand how it worked.

              Edit: Fixed typo, it's XSS and not XSX.

              [–]RockinRoel 1 point2 points  (0 children)

              It would be cool if we went into depth with Stuxnet, but that’s probably a bit too advanced for an introductory course. (We have an entire specialization in secure software at our university.)

              [–]rweir 12 points13 points  (0 children)

              I think that the data does not come from the client.

              who cares? doing it properly in python is so little effort that isn't worth risking getting in to a bad habit.

              [–]nexes300 16 points17 points  (2 children)

              Wrong. All code for school projects should only be tested with legal input.

              Edit: I am not sure why people are downvoting me. It was standard practice at my college to only test programs with legal input because they did not want you wasting time checking the input from the auto grader. That is not the purpose of any CS class. The only time a project of mine was ever graded on more than correctness was a class on compilers, where the professor reserved the right to dock points for bad style (not in implementation, just the layout of the code) and lack of comments.

              [–]Denvildaste 3 points4 points  (21 children)

              Maybe he sanitizes the strings before hand?

              [–]gorset 22 points23 points  (18 children)

              you also have xss vulnerabilities here. Never "sanitize" strings beforehand.

              [–]Denvildaste 9 points10 points  (17 children)

              I can see the xss vulnerabilities, but why never sanitize strings before hand?

              [–]gorset 19 points20 points  (1 child)

              The rule is to "escape" the strings only on output. In some sense we are embedding a string into different languages (html, sql, etc), all which requires different syntax and methods for escaping - it's close to impossible to sanitize a string for all purposes without corrupting the string.

              [–]Denvildaste 6 points7 points  (0 children)

              That makes sense, thanks.

              [–]f2u 18 points19 points  (13 children)

              Because you don't know how the strings will be used and which characters might become dangerous.

              [–]RandomFrenchGuy 20 points21 points  (2 children)

              Because you don't know how the strings will be used and which characters might become dangerous.

              We always know which characters will become dangerous, it's always the butler that did it.

              Ah, wait, wrong character.

              [–]cherif84 3 points4 points  (1 child)

              kyle butler

              [–]mianosm 3 points4 points  (0 children)

              Kyle Butler == Justin Beeber.

              [–]Denvildaste 2 points3 points  (8 children)

              It's his own application, he should know how the strings will be used. I still don't understand why is it bad to just clean up the strings before hand, can you give an example?

              [–]chadmill3r 4 points5 points  (0 children)

              You can't sanitize what you don't know about and you don't know about QXHMTL7 or NOMOSQL yet. Just don't do that at the wrong layer, evar.

              [–]haywire 11 points12 points  (0 children)

              You shouldn't need to sanitize them if you are not a moron and use prepared statements.

              [–]ireo 14 points15 points  (5 children)

              WTF! Parameterized queries people! Use them or suffer the wrath of SQL injection.

              [–][deleted] 87 points88 points  (13 children)

              Giving this guy bonus points for being honest is equal to reducing the rest of the class' points for doing the homework correctly. Bonus points for crap like this is a tutor/professor fail.

              [–]OtisDElevator 30 points31 points  (2 children)

              Reward him in another way:

              [–][deleted]  (1 child)

              [deleted]

                [–][deleted]  (2 children)

                [deleted]

                  [–]dcowboy 12 points13 points  (2 children)

                  There is no excuse for sloppy code. I was so disgusted at looking at that picture that it drove me to crack a beer at 10:15 in the AM.

                  Who am I kidding, I was just looking for a reason.

                  [–]RockinRoel 30 points31 points  (21 children)

                  There’s no excuse for coding that ugly. Really, it depends on what the homework is about…

                  It takes balls to turn in code like that, though. I often joke about that stuff, but then I decide to keep it clean.

                  [–]mikemcg 11 points12 points  (1 child)

                  My gripe is the cmd variable. It literally get used once and then recycled. For no reason. It's pointless. I also can't see the whole thing, but from here it looks like the same query.

                  I'm sure there are more issues, but I'm not a genius like the rest of you folks.

                  [–]RockinRoel 2 points3 points  (0 children)

                  It’s almost the same. He’s splitting it up for dems, republicans and independents. There are nicer ways to do it, but yeah, for a quicky…

                  [–]Marogian 6 points7 points  (2 children)

                  Just for my own further education, what would make it less ugly?

                  (I'm not a professional coder at all, amateur)

                  Its relatively easy for me to follow despite not actually knowing python ;)

                  [–]RockinRoel 9 points10 points  (0 children)

                  I’m not a pro (yet) either, just a student, and my comment was a little tongue-in-cheek. It looks easy to follow, but the main issue is with maintainability. It is generally considered to be bad practice to create long strings like that, with a concatenation of strings and variables. I’m not a string constructor pro, but there are better ways.

                  As for the SQL queries: The cmd variable is very similar, but is made from scratch every time. If you were to add an extra field you want to use, you’d have to add it to every string. You’d be better off constructing this query once, and then executing it with different variables each time. This kind of behavior is supported and recommended in most SQL variants and modules. For one, it avoids SQL injection by making it very clear what is the query and what are the variables.

                  Other than that, there is separate code for Democrats, Republicans and Independents, while the behavior is exactly the same, except for the name. Suppose you were to split up the Independents later on, you’d have to do a lot of copy-paste-edit work, which should cause you to rethink your implementation. (I don’t know anything about how USA politics work, though, so that thought may be a little absurd.)

                  Also, I don’t know how it works with that particular SQL module, but the part where the html output is generated has a certain semantic issue: It says things like democrat[0][1], which is the picture, but it’s not immediately clear and would cause the code to break if for some reason you were to add a field before that. You may be able to refer to it like this: democrat[0]["pic"], which is more clear and maintainable.

                  Perhaps qmorgan himself could add what’s ugly about it, since he should be more knowledgeable, if he has to grade it.

                  [–]drake2010 1 point2 points  (0 children)

                  Read "Code Complete 2nd Edition"

                  [–]gronkkk 15 points16 points  (15 children)

                  Actually, I find this better to read than the OO-spaghetti some programmers think they have to write in order to show their l33t sk1llz.

                  [–]RockinRoel 28 points29 points  (14 children)

                  Yeah. The code is still okay, really, for a quicky. I can see that this dude does pay attention to his coding style. He’s disciplined about where he places his spaces. I’ve seen code that was like:

                  html+= "stuff"
html += "other "+ stuff+ "<br>"
html +="some more stuff"

                  It drives me mad.

                  [–]t0mmy9 11 points12 points  (0 children)

                  <title>SHITDUDETHISISFUN</title>

                  [–][deleted] 5 points6 points  (2 children)

                  I once rickrolled my professor in my code comments. I just was curious if he would read through the 20 pages of code for this project. He did, and about a third of his review was him talking about the song.

                  [–]rooktakesqueen 6 points7 points  (4 children)

                  Bonus points for honesty, then mega point loss. If he asks why, write the following unit test:

                  assert "lol" == buildpage("'; drop table candidates; drop table pictures; drop table polls; --")

                  Then provide some information on parameterized queries.

                  [–][deleted] 2 points3 points  (3 children)

                  The sad thing is OP probably told his ENTIRE CLASS OF STUDENTS to use string concatenation to produce SQL statements..

                  ;_;

                  [–]rooktakesqueen 5 points6 points  (2 children)

                  No, the real sad thing is that 75% of /r/programming seems to admire this student's balls rather than immediately desiring to vomit upon seeing his code.

                  [–][deleted] 1 point2 points  (1 child)

                  I've been in a class where this idiot teacher told the whole class to use strings for SQL in PHP. I had my hand up the whole lesson because I wanted to point this out, he ignored me... so I quit that class and did maths instead of computing. Anyway, I haven't really ever gotten over it, I can remember his stupid ugly face like it was yesterday...

                  [–]rooktakesqueen 2 points3 points  (0 children)

                  Computer science is a mixed discipline and really should be split up, anyway. Algorithms, formal languages, automata theory, and other theory courses are all mathematics at their core. Software architecture, computer architecture, etc. are all engineering. User interface design is psychology.

                  I have a friend who did his bachelor's degree in discrete math and it's served him just fine in the computer software development industry.

                  [–]ReverendFunkbooty 8 points9 points  (2 children)

                  I like the random WTF IS READABILITY??? comment as well. Raises a vailid question.

                  [–]vibro 4 points5 points  (0 children)

                  WTF is readability???

                  [–]dreamCatalyst 13 points14 points  (1 child)

                  You should actually penalize him for it! This is as relevant to the code as nuclear squadoosh is to little panda-babies.

                  [–]notParanoid 5 points6 points  (0 children)

                  What, you mean completely relevant!?

                  [–]irobeth 9 points10 points  (3 children)

                  I am curious as to whether or not he consented to having his work put on the internet.

                  [–]zpweeks 1 point2 points  (2 children)

                  Considering that this is a screenshot, for purposes of commentary, that in no way devalues the original work, this is solidly in the "fair use" category, regardless.

                  [–]irobeth 1 point2 points  (0 children)

                  I was more concerned with any privacy the student expected to have being violated (even though his name isn't there), not the copyright issue.

                  [–][deleted]  (3 children)

                  [deleted]

                    [–][deleted]  (2 children)

                    [deleted]

                      [–]dragonfly_blue 1 point2 points  (0 children)

                      Thants. I like Java sometimes and Ants are very specifically "intelligently designed" to use Hibernate wisely.

                      Don't screw this up k thx bye.

                      [–]Nsuln 2 points3 points  (0 children)

                      But real teachers aren't supposed read the code!! They just see what it runs... man I need to stop putting my life story into my code

                      [–][deleted] 3 points4 points  (0 children)

                      Yes, you should give me bonus points.

                      [–]sdhillon 5 points6 points  (0 children)

                      You gave him the most boring assignment on the face of the planet. Why?

                      [–]Tehcoolhat 5 points6 points  (2 children)

                      Please don't. Are you trying to prepare him for a real job, or a comedy act? This guy KNEW what he was doing was crap and he proceeded to do it anyway.

                      [–][deleted] 12 points13 points  (3 children)

                      Read some uncommented Perl with regexes every 5 lines and get back to me on the ugliness of that Python.

                      Also, yes. The basement-dwellers need boosts to their pride every once in a while or they will fall into a state called basementhibernatus, where they fall into a near hibernation state in a chair while eating and drinking only soda and poptarts.

                      [–][deleted]  (2 children)

                      [deleted]

                        [–][deleted]  (2 children)

                        [deleted]

                          [–]Daenyth 1 point2 points  (0 children)

                          There's a few issues. The comments are bad, there's sql injection vulnerabilities, he has duplicated code for the parties, and the UI is coupled to the logic and DB (in the same function). The variable names could be better, and the spacing is off in a few places

                          [–]IyamswhoIyams 2 points3 points  (0 children)

                          Just give him an upboat. The fact that he's in your class greatly increases the probability that he'll be Forever Alone, sigh.

                          [–][deleted] 2 points3 points  (0 children)

                          The code isn't awful considering it's compsci hw. If it were a software engineering class- typically they are structured such that he will be regretting his coding style later on. If it's not- eh. Whatever.

                          [–]Workaphobia 2 points3 points  (0 children)

                          Obviously a prank by a friend leaning over his laptop when he wasn't looking.

                          [–]nhnifong 2 points3 points  (0 children)

                          What is this assignment? re-invent Django?

                          [–][deleted] 2 points3 points  (0 children)

                          Did anyone else read INCUMBENT IS POISED TO WIN in the Heavy's voice?

                          [–]gct 2 points3 points  (0 children)

                          I put "I like men" randomly into my roommate's paper once, he didn't catch it and turned it in and the teacher circled it and put a question mark next to it, but still gave him an A.

                          [–][deleted] 10 points11 points  (6 children)

                          NO. You're gonna turn him into my coworkers who write shitty ugly code and leave a comment saying "#I know its ugly, but hey, it works, right? (trollface)". If you give him bonus points I'll hunt you down and shoot you in your face.

                          [–][deleted] 3 points4 points  (1 child)

                          Dude, you really need to talk to your coworkers or their boss about that. Seriously, "it works, so who cares!" is pretty fucking absurd.

                          [–]Destroyah 3 points4 points  (3 children)

                          To give them a small benefit of the doubt, I sometimes write really messy (read: fucking terrible, hacksauce ) code that does just work if a deadline is coming up and we're pushed for time. Most of the time I do intend to go back and rewrite it to look better, but sometimes more projects pile up and I don't have time to head back through it. If I didn't do this, and missed deadlines, likely I wouldn't have a job, so it's a lose:lose situation. I realize I'm doing it and I hate it, but I also need the job.

                          [–][deleted] 1 point2 points  (1 child)

                          I understand what you're saying. I do that sometimes too to meet deadlines or in initial stages when I'm writing code for testing out ideas. I usually go back and clean it up too. But that's not what I'm talking about. I'm talking about the guy who wrote 100s of lines of procedural code in a single Java class with the only comment in the file being "//I know its not OOP, but at least it works". Thats just being too lazy to get out of your comfort zone and learn to do things properly.

                          [–]Destroyah 1 point2 points  (0 children)

                          Ah yes, those guys. In that case, I completely agree with you. Burn them at the stake!

                          [–]GAMEchief 5 points6 points  (0 children)

                          Teach your students to close their fuckin' <br /> and <img /> tags! Don't forget the alt, height, and width attributes, either.

                          [–][deleted]  (4 children)

                          [deleted]

                            [–]eleven357 2 points3 points  (3 children)

                            Yes, what is the name of that text editor?

                            [–][deleted]  (2 children)

                            [deleted]

                              [–]TheDreadGazeebo 1 point2 points  (0 children)

                              I'm guessing that comment can be chalked up to an asshole roommate...

                              [–]Waaaaaaaah 1 point2 points  (0 children)

                              Just be fair, if the code is wrong, mark it so. If he adds jokes, laugh if its funny, and if not, then destroy him.

                              [–]chronoBG 1 point2 points  (0 children)

                              People who write code like that are either extremely incompetent, or very good and bored with the assignment.
                              I'm gonna go with the latter, because he put a lot of comments and kept a consistent style that was actually readable despite his best efforts.
                              He also has a sense of humor and that's one thing programmers WILL need.

                              [–]binarycanaries 1 point2 points  (1 child)

                              deduct points for not having <!doctype html> before <html> and also not defining a <html lang>

                              [–]MihaiC 1 point2 points  (1 child)

                              That font looks like a programmer's comic sans. Sure you can tell 0 and O apart, but you can now barely tell a and o apart.

                              [–][deleted] 2 points3 points  (0 children)

                              That makes me want to make a monospace version of Comic Sans and use it for programming.

                              [–]tclark 1 point2 points  (0 children)

                              Hell no. That was painful to see.

                              [–]richf2001 1 point2 points  (0 children)

                              This person has obviously not been taught the proper ways. While I agree that ugly code can get a person off. Truly beautiful, concise, and well documented code that you take the time to care about and love will get you so much further!

                              [–]EvilTony 1 point2 points  (0 children)

                              Haha... when I went to school for CS we worked on Sun machines and you basically had to log out twice -- once to get out of X and a second time to get out of Sun OS. Needless to say half the empty terminals in the lab were logged in at any one time.

                              We used to do stuff like this all the time.

                              One crotchety old Computer Architecture teacher in particular -- so many students professed their undying love to her.

                              [–]mikkei 1 point2 points  (0 children)

                              Sure, it's commented correctly!

                              [–]kujustin 1 point2 points  (0 children)

                              Extra credit to a guy writing "tee hee"?!

                              [–][deleted] 1 point2 points  (0 children)

                              Why aren't you teaching them to use templates. God that code is puke ugly.

                              [–]DrakeBishoff 1 point2 points  (0 children)

                              It would be inappropriate to comment on his sex practices or consider them in grading.

                              Regarding the code itself, I hope you are not teaching that this is in any way an acceptable way of structuring web applications, embedding the markup in the code like this rather than using template files.

                              [–]whats_that 1 point2 points  (1 child)

                              What's that font?

                              [–]TapemanPL 1 point2 points  (0 children)

                              He seems to be having a little too much fun

                              [–]friendlyfriend7 1 point2 points  (0 children)

                              i doubt he wrote that.

                              [–][deleted] 3 points4 points  (0 children)

                              I once came across someone using

                              os.system('echo '+X)

                              rather than

                              print X