“No EXECUTE-ions,” the whiteboard read. Doug always smiled at the note in the common space at Wolfram and Hart Software, but it had taken on a more sinister meaning lately.

“Use a stored procedure? No can do,” the DBA Joss said. “The codebase simply won’t support it. If your query requires anything other than SELECT, INSERT, UPDATE, or DELETE, it fails.”

“And no one knows why?” Doug asked.

“The app was written before the One Ring was forged in Mount Doom,” Joss said. “With the turnover here, there’s no one left who could tell you where to start.”

Doug sighed. He went back to his desk and checked his ticket queue; he had only a few minor tickets left, so he could spare a couple hours figuring out how to make the app support stored procedures.

Deep within the codebase, Doug found a single, uncommented function.

Private Function ValidateSQLText(ByVal value As String) As Boolean 
    Dim SQL As Boolean = False 
    Dim sqlwords As String() = New String() {"select", "insert", "update", "delete"} 
    For Each word As String In sqlwords 
        If value.ToLower().IndexOf(word) <> -1 Then 
            SQL = True 
            Exit For 
        End If 
    Next 
    Return SQL 
End Function 

Doug faced a Faustian conundrum. He could add “execute” to the sqlwords list and be able to use stored procedures in the app, but the validator allowed such non-valid SQL as “Select coffee on sale” and “Press the delete key.” Adding “execute” would do nothing to actually validate the SQL being passed in.

In the end, he made the deal with the devil: he added “execute” to the sqlwords list. Wolfram and Hart Software would come one day to reap his soul, but not today.
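What the validator actually decides, and one alternative to passing SQL text around at all, shown as an added example that is not part of the original story or the app's code. It is a Python port of ValidateSQLText; `NAMED_STATEMENTS`, `run_named`, the `orders` table and the procedure name `usp_GetOrders` are hypothetical, and SQLite stands in for the app's database.

```python
import sqlite3

SQL_WORDS = ("select", "insert", "update", "delete")

def validate_sql_text(value: str) -> bool:
    """Python port of the page's ValidateSQLText: substring match only."""
    lowered = value.lower()
    return any(word in lowered for word in SQL_WORDS)

# Hypothetical alternative: callers name an operation; the SQL text is fixed
# here and values travel only as bound parameters.
NAMED_STATEMENTS = {
    "orders_for_customer": "SELECT id, item FROM orders WHERE customer = ?",
    "add_order": "INSERT INTO orders (customer, item) VALUES (?, ?)",
}

def run_named(conn, name, params=()):
    """Execute an allow-listed statement; unknown names are rejected."""
    try:
        sql = NAMED_STATEMENTS[name]
    except KeyError:
        raise PermissionError(f"statement not allow-listed: {name!r}") from None
    return conn.execute(sql, params).fetchall()

def demo():
    # Constructed inputs: the two strings from the story plus a procedure call.
    checks = {
        text: validate_sql_text(text)
        for text in ("Select coffee on sale", "Press the delete key",
                     "EXEC usp_GetOrders 42")  # hypothetical procedure name
    }
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT)")
    run_named(conn, "add_order", ("alice", "coffee"))
    # A value containing a keyword is stored and matched as plain data.
    odd = "Press the delete key"
    run_named(conn, "add_order", (odd, "tea"))
    rows = run_named(conn, "orders_for_customer", (odd,))
    total = conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return checks, rows, total

if __name__ == "__main__":
    print(demo())
```

On a database with stored procedures, a procedure call would be one more fixed entry in the table, with its arguments bound the same way.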
