http://ayende.comAyende @ RahienCopyright (C) Ayende Rahien 2004 - 2021 (c) 202660I am absolutely shocked at how many people are defending this code! This has nothing to do with favoring OO over any other style. There are two very BLATANT security holes that would be fire-on-the-spot offenses at any software company worth it's weight in rice. I can deal with the sloppy/n00bish code outside of that, maybe this guy is just out of college or something. But it's clear he has no idea how dangerous that code would be in production or he would have never even considered sending it in as job application material.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment74http://ayende.com/102402/negative-hiring-decisions-part-ii#comment74Thu, 03 Nov 2011 20:42:39 GMTSpotted another good one -- who here writes their queries like "SELECT [DbName].[SchemaName].[TableName] . . . "? Not I, but MSSql Studio sure does . . .http://ayende.com/102402/negative-hiring-decisions-part-ii#comment73http://ayende.com/102402/negative-hiring-decisions-part-ii#comment73Thu, 13 Oct 2011 22:54:53 GMTBad code. BAD code. But you know what? In an interview, if I had half an hour to solve a specific problem, I might write something as sloppy. But well-commented, with a great many "this is bad practice, usually I would do X instead for this reason." At home, with a reasonable amount of time? That's just embarrassing (though I probably still wouldn't bother renaming WebForm2.) And in production, just inexcusable. http://ayende.com/102402/negative-hiring-decisions-part-ii#comment72http://ayende.com/102402/negative-hiring-decisions-part-ii#comment72Thu, 13 Oct 2011 16:35:35 GMTEven if it's a Junior developer, he should be careful about the passing critical data as query string. Have a look at a code in one of the Microsoft KB article http://support.microsoft.com/kb/308060 http://ayende.com/102402/negative-hiring-decisions-part-ii#comment71http://ayende.com/102402/negative-hiring-decisions-part-ii#comment71Thu, 13 Oct 2011 13:29:07 GMTConsidering this is a junior candidate is it really classy to post this on the Web?http://ayende.com/102402/negative-hiring-decisions-part-ii#comment70http://ayende.com/102402/negative-hiring-decisions-part-ii#comment70Thu, 13 Oct 2011 13:13:48 GMTAt least he disposed of the SqlConnection. :) TBH, I've seen code much worse than this (though this wouldn't be acceptable, of course). I've seen code like this in production too. That said, this guy shouldn't be written off totally. He needs an internship or some serious mentoring before being let loose on a real system but everyone has to start somewhere and learn from their mistakes.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment69http://ayende.com/102402/negative-hiring-decisions-part-ii#comment69Thu, 13 Oct 2011 09:28:38 GMTFrighteningly, at my company we have many developers who regularly write code that is just as bad or worse. A lot of it makes it to production. This is for financial services of many hedge funds in New York City.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment68http://ayende.com/102402/negative-hiring-decisions-part-ii#comment68Wed, 12 Oct 2011 18:50:01 GMTrookiesadvocate - read post by Bob and you'll understand only the k00l kidz are all0wed t0 read this bl0g. run al0ng n0w because y0u're wasting every0nes timehttp://ayende.com/102402/negative-hiring-decisions-part-ii#comment67http://ayende.com/102402/negative-hiring-decisions-part-ii#comment67Wed, 12 Oct 2011 15:01:05 GMTI just wanna point, that not all of the readers of this blog are programming Gods - all knowing creatures that sees everything so obvious, and for them comments like "omg what a noob, teribble etc." have zero value, and therefore I would like to thank people like Rabo, to actually point what's wrong,http://ayende.com/102402/negative-hiring-decisions-part-ii#comment66http://ayende.com/102402/negative-hiring-decisions-part-ii#comment66Wed, 12 Oct 2011 00:52:24 GMTMore interesting than the complete lack of security protocol in the quality of the code that this interviewee has written, is the fact that all of the commenters above me have completely missed the fact that the passwords are stored CLEARTEXT in this sample database.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment65http://ayende.com/102402/negative-hiring-decisions-part-ii#comment65Tue, 11 Oct 2011 23:46:33 GMT@Balko Same. It's not fun maintaining a class with all logic inside a single method... @Wayne If a jr dev wrote this, I'd ask him/her why he/she didn't bother naming the variables or if there is anything wrong with the submitted code. I'll proceed depending on his/her response. I guess I'd try to be more fair because I'm still a jr dev for the most part. But Ayende takes no prisoners :) http://ayende.com/102402/negative-hiring-decisions-part-ii#comment64http://ayende.com/102402/negative-hiring-decisions-part-ii#comment64Tue, 11 Oct 2011 20:56:00 GMTTroll anyone?http://ayende.com/102402/negative-hiring-decisions-part-ii#comment63http://ayende.com/102402/negative-hiring-decisions-part-ii#comment63Tue, 11 Oct 2011 19:28:35 GMTI can top that, Balko. The legacy WebForms code I work with has pretty much everything either in a code behind or lumped into one library file, sometimes with a single code file having multiple classes inside it. The code uses a mix of Hungarian notation for no reason, returns ints/bools on methods that should be void and throw exceptions on failure, returns raw untyped DataSets instead of objects/collections of objects, and has zero concept of SoC, SOLID or even basic OOP. There are several classes that do a dozen different things, and to top it off there is one class that has some 6000 lines of static methods and relies on copy/pasted **GOTO** statements (Yes, I said GOTO in C# 3.5). We are not able to refactor it because everything is so tightly coupled that a simple refactor will probably break most of the code (and there are no unit tests whatsoever).http://ayende.com/102402/negative-hiring-decisions-part-ii#comment62http://ayende.com/102402/negative-hiring-decisions-part-ii#comment62Tue, 11 Oct 2011 15:28:57 GMTI'm currently refactoring some legacy asp.net webforms code, let me tell you that this snippet is nothing compared to what I'm seeing. We're talking about 500 lines of code in a button click handler...Oh the fun !http://ayende.com/102402/negative-hiring-decisions-part-ii#comment61http://ayende.com/102402/negative-hiring-decisions-part-ii#comment61Tue, 11 Oct 2011 14:58:03 GMTAs I recall Ayende is hiring for a junior candidate, right? Given that, it can be forgiven that there isn't a clean separation or use of Repository/Gateway/pattern du jour. I could even maybe excuse the SQL Injection as someone fresh out of school or not yet graduated might not know of SQL Injection, since I doubt most curriculum covers it (here in Florida USA at any rate). However, what can't be excused is the lack of effort, and I think *that* is what Ayende is getting at (I could be wrong, however). It's inexcusable to not do something as trivial as use meaningful names, and shows a lack of caring. The other issues (hard-coded SQL, non-parameterized queries) can be fixed with guidance and explanation, the lack of professionalism cannot. Even for throwaway test code, this is bad because the person who wrote it obviously didn't care about anything other than getting it done fast - the worst possible thing a working developer can do.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment60http://ayende.com/102402/negative-hiring-decisions-part-ii#comment60Tue, 11 Oct 2011 13:45:34 GMTDid the candidate apply for a junior or a senior position? http://ayende.com/102402/negative-hiring-decisions-part-ii#comment59http://ayende.com/102402/negative-hiring-decisions-part-ii#comment59Tue, 11 Oct 2011 12:36:48 GMTToo bad a lot of developers are doing this years after years, and schools, textbooks and even employers are encouraging developers to produce shit code.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment58http://ayende.com/102402/negative-hiring-decisions-part-ii#comment58Tue, 11 Oct 2011 10:42:02 GMTI guess it all boils down to which level this developer supposedly is on. If he/she is straight out of school I think it may be ok if the person is to be hired as a trainee of some sort (though very sloppy naming). If this is supposed to be a senior, it's way of all standards.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment57http://ayende.com/102402/negative-hiring-decisions-part-ii#comment57Tue, 11 Oct 2011 05:53:05 GMTI agree who has a white background behind code, I went blind before I finished reading ithttp://ayende.com/102402/negative-hiring-decisions-part-ii#comment56http://ayende.com/102402/negative-hiring-decisions-part-ii#comment56Tue, 11 Oct 2011 04:43:57 GMTThis reminds me of old DailyWTF posts.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment55http://ayende.com/102402/negative-hiring-decisions-part-ii#comment55Tue, 11 Oct 2011 04:31:18 GMTdeja-vu! I'm sure i've seen similar code at work, mutter mutter. @Mykel, made me smile too.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment54http://ayende.com/102402/negative-hiring-decisions-part-ii#comment54Tue, 11 Oct 2011 03:25:56 GMTAs a designer, the straw that broke the camel's back was seeing your code example completely break the bounds of your grid. Irony?http://ayende.com/102402/negative-hiring-decisions-part-ii#comment53http://ayende.com/102402/negative-hiring-decisions-part-ii#comment53Tue, 11 Oct 2011 02:03:29 GMTYou're complaining about a candidate's code but your pasted code runs across the page, and if Google JavaScript is blocked the reCAPTCHA plugin breaks this page and displays raw code.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment51http://ayende.com/102402/negative-hiring-decisions-part-ii#comment51Tue, 11 Oct 2011 01:56:17 GMTGuess this guy just wants an entry on your blog. he's funny :)http://ayende.com/102402/negative-hiring-decisions-part-ii#comment50http://ayende.com/102402/negative-hiring-decisions-part-ii#comment50Mon, 10 Oct 2011 22:50:25 GMT@Zee umm, yea we do. And I surely hope that one cannot copyright a HelloWorld app but nothing would surprise me. Don't be offended because ignorance != stupidity so for people getting defensive, pulling your emotions away from your code is the first step to becoming a better programmer.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment49http://ayende.com/102402/negative-hiring-decisions-part-ii#comment49Mon, 10 Oct 2011 21:48:45 GMTYes this is overall really bad code, especially if he had the time to do it at home with enough time to think about it. But in the end this is code many developers are producing every day in real world projects. Maybe one reason for this is, that no one takes the time to teach them, how to do things right. I think if you want to hire an Ayende - MK II we will read such posts for the next few years...http://ayende.com/102402/negative-hiring-decisions-part-ii#comment48http://ayende.com/102402/negative-hiring-decisions-part-ii#comment48Mon, 10 Oct 2011 21:20:35 GMTYou should really pay someone to spend their time sifting through this sort of candidates. I cannot imagine this being a very productive use of your time.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment47http://ayende.com/102402/negative-hiring-decisions-part-ii#comment47Mon, 10 Oct 2011 21:07:10 GMTStandard quality. Not very horrible.http://ayende.com/102402/negative-hiring-decisions-part-ii#comment46http://ayende.com/102402/negative-hiring-decisions-part-ii#comment46Mon, 10 Oct 2011 20:02:49 GMTMe thinks its the picture of camel and straw that are the real reason for not hiring. How can you maintain code that is littered with pictures?http://ayende.com/102402/negative-hiring-decisions-part-ii#comment45http://ayende.com/102402/negative-hiring-decisions-part-ii#comment45Mon, 10 Oct 2011 19:41:38 GMTDamn, who is this guy? He knows more sql than me,http://ayende.com/102402/negative-hiring-decisions-part-ii#comment44http://ayende.com/102402/negative-hiring-decisions-part-ii#comment44Mon, 10 Oct 2011 19:08:16 GMT