« The Process that Never Failed  Beware of the Banana Cream Pie Blizzard » 
"I was going through old email from several years back I ran into this gem," writes Lianna. "This snippet, with data anonymized, comes from the logs of the database as some of the queries that were performed by a particular PHP system:"
update tmp set f76 ='p' where f0=1961520010330; INSERT INTO tmp (f0,f18,klther) VALUES ('1961720010330','985356431','bestaand'); update tmp set f1 ='' where f0=1961720010330; update tmp set f2 ='' where f0=1961720010330; update tmp set f3 ='M' where f0=1961720010330; update tmp set f4 ='J.' where f0=1961720010330; update tmp set f5 ='Doe' where f0=1961720010330; update tmp set f6 ='' where f0=1961720010330; update tmp set f7 ='Somestreet' where f0=1961720010330; update tmp set f8 ='123' where f0=1961720010330; update tmp set f9 ='1001' where f0=1961720010330; update tmp set f10 ='AA' where f0=1961720010330; update tmp set f11 ='SOME CITY' where f0=1961720010330; update tmp set f12 ='0123' where f0=1961720010330; update tmp set f13 ='456789' where f0=1961720010330; update tmp set f14 ='user@domain.nl' where f0=1961720010330; update tmp set f15 ='1440513' where f0=1961720010330; update tmp set f16 ='jdoe123' where f0=1961720010330; update tmp set f29 ='1195073' where f0=1961720010330; update tmp set f20 ='1001' where f0=1961720010330; update tmp set f21 ='AA' where f0=1961720010330; update tmp set f22 ='0123' where f0=1961720010330; update tmp set f23 ='456789' where f0=1961720010330; update tmp set f76 ='p' where f0=1961720010330; update tmp set f48 ='' where f0=1961720010330; update tmp set f49 ='' where f0=1961720010330; update tmp set f50 ='' where f0=1961720010330; update tmp set f51 ='IEG' where f0=1961720010330; update tmp set f30 ='1287342' where f0=1961720010330; update tmp set f59 ='AQ' where f0=1961720010330; update tmp set f61 ='' where f0=1961720010330; update tmp set f75 ='' where f0=1961720010330;
"The rationale at the time was that when you do things like this there's always room for expansion. If you need another column, just add a new one, adding one to the highest 'f column'."
"The best part though was that depending on the type of content in a row, different columns would be used for the same kind of data. In other words, the zip code would would suddenly appear in columns f43/f44 instead of f9/f10 (where it always was expected to live). Why? 'Because that's just how the business logic works.'"
"Surprisingly, the system actually (mostly) worked and they did manage to maintain it for quite some time. Thankfully, by the time the second incarnation of the system rolled out, the original developers had at long last learned their lesson undoubtedly learned the hard way when they were in the midst of their conversion."
FINALLY... a REAL WTF! It has been days since I had a good vomit!
I wish I could see the entire workflow that made it necessary to update a single row, one column at a time :p. I am guessing it was tied to the onchange event on an html form, causing an ajax post every time a form element value was modified. Would be interesting to see if this "ENGINEER" had bothered to sanitize the input. 
I like the Dutch word "bestaand" in there, which means "existing". As a string...

« The Process that Never Failed  Beware of the Banana Cream Pie Blizzard » 