|
I don't like returning -1 for an error (particularly in this case) because -1 could be a valid result. eg. the values are all -1. There are a couple of nice solutions I can think of. One would be to use a nullable type ie. double? . The other way would be to let an exception be thrown or throw your own exceptions.
Only looking at the first four elements is probably the worst thing IMHO though. What do you think of this?
public double CrappyTotal
{
get
{
double total = 0;
foreach (var d in this.SomeItem.Details)
{
total += d.Value;
}
return total / (double)this.SomeItem.Details.Count;
}
}
No exception handling . I would be happy without error handling. I could add a check for nulls at the start, but I don't think it's worth the time. It would probably depend how and where it was being used though.
So, are there people out there who insist that every exception must be handled?
|
|
|
|
|
Yes,
That is one of the ways I suggested, but also added that if you are calculating an average, then the name should probably reflect that as well
|
|
|
|
|
|
this is one of the many gems I'm finding (and fixing) in some third party produced code:
protected void btnLogin_Click(Object s, EventArgs e)
{
bool loginOK = false;
try
{
loginOK = Account.LoginUser(Page, txtUserName.Text, txtPassword.Text);
}
catch (Exception ex)
{
string error = string.Empty;
if (ex.Message == "Invalid attempt to read when no data is present.")
{
error = "Username not found.";
}
else
{
error = ex.Message;
}
lblMessage.Text = error;
return;
}
if (loginOK == true)
{
Response.Redirect("~/Default.aspx");
}
else
{
lblMessage.Text = "Password does not match.";
}
}
public static bool LoginUser(Page page, string uname, string pass)
{
bool passwordVerified = false;
try
{
passwordVerified = AccountDB.CheckPassword(uname, pass);
}
catch (Exception ex)
{
throw;
}
if (passwordVerified == true)
{
string roles = "JobSeeker";
FormsAuthenticationTicket authTicket = new
FormsAuthenticationTicket(1,
uname,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false,
roles
);
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
page.Response.Cookies.Add(authCookie);
int userID = AccountDB.GetUserIDByUsername(uname);
AccountDB.UpdateLoginDate(userID, DateTime.Now);
return true;
}
else
{
return false;
}
}
public static bool CheckPassword(string username, string password)
{
bool passwordMatch = false;
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand("CheckPassword", conn);
cmd.CommandType = CommandType.StoredProcedure;
SqlParameter sqlParam = cmd.Parameters.Add("@userName", SqlDbType.VarChar, 255);
sqlParam.Value = username;
try
{
conn.Open();
SqlDataReader reader = cmd.ExecuteReader();
reader.Read();
string dbPasswordHash = reader.GetString(0);
string salt = reader.GetString(1);
reader.Close();
string hashedPasswordAndSalt = Account.CreatePasswordHash(password, salt);
passwordMatch = hashedPasswordAndSalt.Equals(dbPasswordHash);
}
catch (Exception ex)
{
throw;
}
finally
{
conn.Close();
}
return passwordMatch;
}
I'm not sure what's worse, that a professional development company has people who think this is how you use exceptions, or that my company actually paid money for this code
I love the way they put database errors in the message to the user, and identify which they got wrong, the username or the password.
modified on Wednesday, July 8, 2009 12:55 PM
|
|
|
|
|
What did you do wrong to deserve this? Did you destroy Sealand?
On another note, the comments in your code block stretch the screen. Could you please fix them?
Between the idea
And the reality
Between the motion
And the act
Falls the Shadow
|
|
|
|
|
fixed the comments, sorry
I think it must be bad karma, the whole site is like this (they were the lowest bidder).
It does function, and there are pieces that are seem good, but then I come across stuff like this and I really want to bang my head against the wall.
|
|
|
|
|
I am not familiar with db connection issues. Could you explain why is it bad, please?
icewolf_snowfire wrote:
SqlDataReader reader = cmd.ExecuteReader();
reader.Read();
Thanks.
Greetings - Jacek
|
|
|
|
|
when you use a SqlDataReader, you always have to check if it actually contains any data with reader.HasRows if it doesn't have data, like in this case if the username is not in the database, it throws an InvalidOperationException "Invalid attempt to read when no data is present"
what's happening is the person who wrote this, didn't understand what was causing the exception, so he just handled in with a try catch, rather than fixing the actual problem.
|
|
|
|
|
I get it. It seems to be another case of an "exceptional coding". Moreover, it rethrows the exception so the overlaying method will get a plain InvalidOperationException with no clue what is going on, as far as I understand the throw; syntax. Terrifying.
Greetings - Jacek
|
|
|
|
|
icewolf_snowfire wrote: reader.HasRows
Wouldn't if (reader.Read()) { ... } be ok too?
xacc.ideIronScheme - 1.0 beta 3 - out now! ((lambda (x) `((lambda (x) ,x) ',x)) '`((lambda (x) ,x) ',x))
|
|
|
|
|
you're right it would, I didn't realize that was there. (and neither did they)
it would be less lines of code, so slightly more efficient?
|
|
|
|
|
icewolf_snowfire wrote: it would be less lines of code, so slightly more efficient?
lol.
Greetings - Jacek
|
|
|
|
|
I've always used while (reader.Read()) { ... } which does the trick.
Mark Brock
"We're definitely not going to make a G or a PG version of this. It's not PillowfightCraft." -- Chris Metzen
Click here to view my blog
|
|
|
|
|
I'm not sure what's worse, that a professional development company has people who think this is how you use exceptions, or that my company actually paid money for this code Unsure
I love the way they put database errors in the message to the user, and identify which they got wrong, the username or the password.Mad
In many situations, it's entirely reasonable to distinguish a bad username from a bad password. User names are generally not secure, and legitimate users may not always remember which variation of their username they used at a particular site.
Having a login routine throw an exception for user-not-found is not the best, but if a custom exception were used for that purpose, it wouldn't be totally horrible. The only really horrible thing I see is the munging of the exception message.
BTW, one feature I'd like to see on a web site would be an option for users to specify a string that should be displayed on an unsuccessful login attempt, with the instruction that the string should contain something recognizable, but should not contain any security-related information. That would allow someone who mistakenly tries to log in with someone else's username to immediately realize their mistake.
|
|
|
|
|
It would also be nice if sites told you what the rules for passwords were so that you knew which passwords you were likely to have used on a given site. Often I've had to try to create a new account to find out what the rules are for a site so I can login again. Life was so much easier before websites started getting themselves removed from BugMeNot!
|
|
|
|
|
Russell Jones wrote: It would also be nice if sites told you what the rules for passwords were so that you knew which passwords you were likely to have used on a given site. Often I've had to try to create a new account to find out what the rules are for a site so I can login again. Life was so much easier before websites started getting themselves removed from BugMeNot!
No kidding. If a site requires passwords to be precisely eight characters, how is it any less secure to remind people of that at the login screen than after they create a new account? (Of course, requiring that passwords be exactly eight characters seems a dumb design anyway--even if the system only had space to store eight bytes, and policy factors dictated an eight-character minimum, the system should easily be able to hash a password of arbitrary length into an eight-byte digest or--failing that--just take the first eight bytes of the password and ignore the rest).
|
|
|
|
|
I've seen the exact same crap from a third party 'development company' my employer has recently stopped using.
I ended up submitting report after report on how bad their code was ... finally got listened to and we promptly dumped them.
|
|
|
|
|
I don't think these are the bad Idea or junk or crap etc. whatever you called it.
It just the way of programming. And it the way the programmer want it to be.
One Algorithm can be done in many way.
So If you think you can write a better one, You should not shout into their face an say something Like
"Your code is bad. I found this junk in your code. I am the best." Impressive Huh!?
What you should do is give them a suggestion, Though it free
|
|
|
|
|
Well... you can lead a horse to water...
-------------------------------
Carrier Bags - 21st Century Tumbleweed.
|
|
|
|
|
And remind him he was drinking poison...
It feels good to learn and achieve
|
|
|
|
|
Not only the code uses hardcoded "enums" and uses everything as strings, it also does very "useful" IFs.
if(cboTipoIncentivo.SelectedValue == "414")
dtIncentivo = oIncentivo.ConsultaCreditoIncentivo("", txtN_Processo.Text, sIdf_Pessoa, cboTipoIncentivo.SelectedValue);
else
dtIncentivo = oIncentivo.ConsultaCreditoIncentivo("", txtN_Processo.Text, sIdf_Pessoa, cboTipoIncentivo.SelectedValue);
|
|
|
|
|
Looks like a breakpoint construction to me. I would consider using such things myself assuming you can't break on an empty code block.
Luc Pattyn [Forum Guidelines] [My Articles]
The quality and detail of your question reflects on the effectiveness of the help you are likely to get.
Show formatted code inside PRE tags, and give clear symptoms when describing a problem.
|
|
|
|
|
Luc Pattyn wrote: I would consider using such things myself assuming you can't break on an empty code block.
;
xacc.ideIronScheme - 1.0 beta 3 - out now! ((lambda (x) `((lambda (x) ,x) ',x)) '`((lambda (x) ,x) ',x))
|
|
|
|
|
Right click on the breakpoint's red ball => Condition.
Here you go!
Admittedly it does slow down the program a bit...
A train station is where the train stops. A bus station is where the bus stops. On my desk, I have a work station....
_________________________________________________________
My programs never have bugs, they just develop random features.
|
|
|
|
|
Thanks. I'll give it a try sometime next week.
Luc Pattyn [Forum Guidelines] [My Articles]
The quality and detail of your question reflects on the effectiveness of the help you are likely to get.
Show formatted code inside PRE tags, and give clear symptoms when describing a problem.
|
|
|
|