I’m trying to run through some old code to fix up security issues and it’s creating bugs everywhere today. I don’t think I’ve seen it produce such low quality code before.
It has renamed variables and then not used the variable it’s renamed it to, in a 15 line function.
It is compressing code into multiple ternary blocks.
It’s removing brackets around single line if statements.
It’s replacing individual str_replace lines with arrays, which doesn’t have the same meaning (it now would replace all of the keys in each string, instead of the one key in each string).
It’s broken the logging by dropping the query output and just changing it to the error message.
It’s removed real_escape_string() from code that it has conceded it shouldn’t have when pressed.
It’s messed around with date() and time() values and ended up creating something that it has conceded would have output a different value.
It’s told me that it has made changes that it has not done.
It’s been asked to fix SQL injection errors in a file and it has done everything but, and then concluded with “you should also consider switching to prepared statements before you use this in a production environment”.
Twice it has put lazy style comments in like “you finish doing this” and not provided the code (on a 255 line file)
I’ve only got through 4 files (908 lines of code) so far and it’s taken me an hour and 20 minutes.
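As an added example (not code from the original post), here is the str_replace pitfall described above side by side with the array form, plus the prepared-statement shape that actually closes a SQL injection hole instead of string-escaping; the host/path values and the `users` table are constructed for illustration.

```php
<?php
// Original style: each string gets exactly one replacement applied to it.
function redactSeparately(string $host, string $path): array {
    $host = str_replace('internal.', '', $host);   // only the host loses "internal."
    $path = str_replace('/admin/', '/', $path);    // only the path loses "/admin/"
    return [$host, $path];
}

// "Compressed" style: every search key is applied to every string, and the
// keys are applied in order, so the result is no longer the same operation.
function redactWithArrays(string $host, string $path): array {
    $search  = ['internal.', '/admin/'];
    $replace = ['', '/'];
    return [
        str_replace($search, $replace, $host),
        str_replace($search, $replace, $path),
    ];
}

// Constructed input where the two versions diverge: the path also contains
// "internal.", which only the array form strips.
$host = 'internal.app.example.test';
$path = '/admin/internal.report';
var_dump(redactSeparately($host, $path));  // ['app.example.test', '/internal.report']
var_dump(redactWithArrays($host, $path));  // ['app.example.test', '/report']

// SQL injection fix: instead of escaping and concatenating the value into the
// query text, bind it as a parameter so the SQL and the data travel separately.
// Assumes a mysqli connection with mysqlnd (for get_result()) and a users table.
function findUserByEmail(mysqli $db, string $email): ?array {
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $email);   // typed binding; no escaping needed
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}
```

The redact functions run stand-alone; findUserByEmail needs a live mysqli connection and is shown as the replacement for a real_escape_string() plus concatenation pattern.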