{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreieyrpq4np4i5xrqpnqcjrdjltzw3xo4zcu6tjrdcicup7nxpiy7sy",
"uri": "at://did:plc:vyjlfm46mfv6u4vjp6qtrfx2/app.bsky.feed.post/3mituo7c56xk2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreidg2k33tiuupnstmiowh7hyyvtsbe3gyhfygiytrzynysnhoctrxi"
},
"mimeType": "image/jpeg",
"size": 81260
},
"path": "/articles/the-update-route",
"publishedAt": "2026-04-06T06:30:00.000Z",
"site": "https://thedailywtf.com",
"tags": [
"CodeSOD"
],
"textContent": "Today's anonymous submission is one of the entries where I look at it and go, \"Wait, that's totally wrong, that could have never worked.\" And then I realize, that's _why_ it was submitted: it was absolutely broken code which got to production, _somehow_.\n\n    Collection.updateOne(query, update, function(err, result, next)=>{\n        if(err) next(err)\n        ...\n    })\n\nSo, `Collection.updateOne` is an API method for MongoDB. It takes three parameters: a filter to find the document, an update to perform on the document, and then an object containing other parameters to control how that update is done.\n\nSo this code is simply _wrong_. But it's worse than that, because it's wrong in a stupid way.\n\nWhen creating routes using ExpressJS, you define a route and a callback to handle the route. The callback takes a few parameters: the request the browser sent, the result we're sending back, and a next function, which lets you have multiple callbacks attached to the same route. By invoking `next()` you're passing control to the _next_ callback in the chain.\n\nSo what we have here is either an absolute brain fart, or more likely, a find-and-replace failure. A route handling callback got mixed in with database operations (which, as an aside, if your route handling code is anywhere near database code, you've also made a _horrible_ mistake). The result is a line of code that doesn't work. And then someone released this non-working code into production.\n\nOur submitter writes:\n\n> This blew up our logs today, has been in the code since 2019. I removed it in a handful of other places too.\n\nWhich raises the other question: why didn't this blow up the logs _earlier_?",
"title": "CodeSOD: The Update Route"
}