Furthermore, it's important that the salt be unique per password. If you had a single common salt in your code, then two users with the same password would produce the same hash.
Using the same salt for every password in the database protects against an attacker using a pre-computed dictionary ("rainbow tables" are something like this) to attack your stored hash values. Using (and storing) a separate salt for each password protects against that and ALSO protects against the attacker building a dictionary of common passwords with a certain salt and then using that dictionary to crack ALL the passwords in the database at once.
So one-salt-per-user is clearly better, but one-salt-for-all is still better than no-salt-at-all.
Not exactly. Having a salt at all mitigates rainbow table attacks, having a unique salt per password also limits brute-force attacks (you can't brute-force the whole table trying out cleartexts with a given salt, you have to brute-force each password individually).
Having a global unique salt is already better than no salt at all.
I have heard of doing both, though I have not seen it yet in production. It gives the benefit of having to get the code and the database while also requiring dictionaries to be build per password.
I think the considered opinion of "the people in the know" is that getting the code is just not that hard, and the global secret technique offers more illusory security than real security.
This is only a problem in the sense that once one hash has been cracked the so is the other, however most authentication is done using some user/email attribute also.
Usually we fetch user/email, hash password, compare to hash in database - authenticate if match or deny if not.
You might feel like adding a hidden component but it won't noticeably help security and it's not a salt.