CodeSOD

Andreas C stumbled upon what might possibly be the most secure code ever written. At least, according to its original author.

When it comes to SQL injection detection, we at The Daily WTF could be doing better. It's not that I don't trust Alex's modifications to our CMS system to be injection-proof, I'm just saying that I'd prefer that you people didn't post comments like "') DELETE FROM Articles --". Or, if you must, at least "') DELETE FROM Articles WHERE Author_Name <> 'Jake Vinson' --".

Ben Siemon was pleasantly surprised to find comments in some code he came across...

"Some years ago I was looking for a job and did a lot of online résumé form filling," Gustavo S. writes.

"While exploring a rather large PHP codebase at my new job," Anthony C writes, "I kept coming across a rather curious pattern from the previous developers:

"Not too long ago," Jess writes, "I adopted an application that needed 'a rather minor change' to its functionality. Naturally, when I started, the project owner had no idea what file or directory the functionality was in, so he gave me access to the server and sent me off. After wading through a number of oddly named directories trying to find where the site was even located, I finally found the index file I had hoped would set me in the right direction."