
This is different code than the 2007 PHP code here: https://gist.github.com/nikcub/3833406


I wonder why they switched from Perl to PHP. Seems kinda six of one, half dozen of the other.


Looking at that code they probably didn't actually have a professional Perl developer on staff. The code isn't terrible, but certainly a far cry from good. It doesn't help that back in 2005 all the books for learning Perl were still teaching a code style from the early 90s.

Edit: I revise the terrible bit, it's a little terrible, as it has SQL injections.


It seems much more ancient than 2005 (I would have guessed 1990s).


Also their 2007 PHP sucks...


The problems with that code don't have anything to do with it being Perl, though. It's just amateur in any language.


>"It's just amateur in any language."

Can you point out specific instances of where it is amateur? That would be more helpful to learners.


After a quick skim, I found a few things.

It's full of SQL injections, to start. (I really like using the subdomain name from the HTTP_HOST environment variable in a SQL query. That's a new attack vector I hadn't considered.)

It's full of silly inefficiencies, such as iterating over an array and preparing distinct but trivially parametric queries for each element.

It has a strange mix of effectively package global lexical variables and block-scoped lexical variables, which means that running this in any sort of persistent service model would be very buggy.

It looks like it ignores parts of the CGI standard.

It looks like it takes database connection information from cookies (except it never uses that code).

The `find_node` function looks like it's using the wrong data structure entirely, but that's okay, because that pattern's repeated a few times. That's doubly suspect, because this seems like the sort of thing a WHERE clause in the SQL query could handle (though to be fair, it might require a subquery, and the version of MySQL Facebook had deployed in 2005 might not have supported those very well; I don't remember).
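
Added example, not part of the comment above and not the code under discussion: the Host-header subdomain lookup and the per-element query loop that the comment criticises, each next to a parameterized form. It uses Python's `sqlite3` so it runs offline; the `schools` table, its columns, the function names and the sample Host value are all assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and rows; names are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE schools (id INTEGER PRIMARY KEY, subdomain TEXT, name TEXT)")
    db.executemany("INSERT INTO schools (subdomain, name) VALUES (?, ?)",
                   [("harvard", "Harvard"), ("stanford", "Stanford"), ("yale", "Yale")])
    return db

def subdomain_of(host):
    # First label of the Host header, taken as-is: the client controls this value.
    return host.split(".", 1)[0]

def lookup_vulnerable(db, host):
    # The criticised pattern: header text concatenated into the SQL string.
    sql = "SELECT name FROM schools WHERE subdomain = '%s'" % subdomain_of(host)
    return [row[0] for row in db.execute(sql)]

# A single DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\Z")

def lookup_safe(db, host):
    # Validate the label first, then bind it as a parameter instead of splicing it in.
    label = subdomain_of(host).lower()
    if not LABEL.match(label):
        return []
    rows = db.execute("SELECT name FROM schools WHERE subdomain = ?", (label,))
    return [row[0] for row in rows]

def lookup_many(db, labels):
    # One statement with N bound placeholders instead of N near-identical queries.
    if not labels:
        return []
    marks = ",".join("?" * len(labels))
    sql = "SELECT name FROM schools WHERE subdomain IN (%s) ORDER BY name" % marks
    return [row[0] for row in db.execute(sql, list(labels))]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1.example.com"   # constructed Host header value
    print(lookup_vulnerable(db, hostile))  # the WHERE clause is rewritten by the header
    print(lookup_safe(db, hostile))        # fails label validation, no query is run
    print(lookup_many(db, ["yale", "harvard"]))
```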


I'm not sure, but I thought Facebook was PHP from the beginning. Perhaps they thought building the SVG graph was easier in Perl for some reason?


It was, and you are correct. Look at line #299 for a reference.



