Every time I look at code that obviously looks copied-and-pasted from the web, I cringe. They didn't even bother to update the variables to make sense in their own code. Why are people still using deprecated functions, SQL injection vulnerable code, or freely opening up their computer to the whole world?
Yes, they are lazy. But it's not entirely their fault. Here is where the problem lies. Most of the stuff you read online, the examples, the tutorials, the quick tips, they are there simply to give you an idea how things work. At least that's the intention of the author. When I asked an author, here is what he told me.
It's an example. I don't expect anyone to be stupid enough to copy & paste the code without knowing what it does, but again I will edit to add a warning.
It's an example. Yes, for the author it is only an example, and no one in their right mind will copy and paste it. But we do. We copy and paste it in our code that will be shipped in our production software.
If we are going to write any code on the web, we have to assume that it will be used as is in a real application. So we cannot skip on the part where we have to sanitize user input. Or the part where we don't bother writing well because it is just an example.
I know that when I have looked for an answer to a problem for many hours I start becoming lazy and simply copy and paste a bunch of examples until I see it working. I shouldn't, but I do. So do the millions of developers constantly looking for a solution to their problem.
So let's take a moment to remember this:
People don't copy and paste because they are stupid. They do so because we present them with an answer to their problem.
Writers: pretend you were going to use this code in your own software, would you skimp on security?
Copy/Pasters: Don't blindly copy and paste. If you do, when your code works, go back to read what you have copied and pasted to make sure it's not doing anything funny.