“No EXECUTE-ions,” the whiteboard read. Doug always smiled at the note in the common space at Wolfram and Hart Software, but it had taken on a more sinister meaning lately.
“Use a stored procedure? No can do,” the DBA Joss said. “The codebase simply won’t support it. If your query requires anything other than SELECT, INSERT, UPDATE, or DELETE, it fails.”
“And no one knows why?” Doug asked.
“The app was written before the One Ring was forged in Mount Doom,” Joss said. “With the turnover here, there’s no one left who could tell you where to start.”
Doug sighed. He went back to his desk and checked his ticket queue; he had only a few minor tickets left, so he could spare a couple hours figuring out how to make the app support stored procedures.
Deep within the codebase, Doug found a single, uncommented function.
    Private Function ValidateSQLText(ByVal value As String) As Boolean
        Dim SQL As Boolean = False
        Dim sqlwords As String() = New String() {"select", "insert", "update", "delete"}
        For Each word As String In sqlwords
            If value.ToLower().IndexOf(word) <> -1 Then
                SQL = True
                Exit For
            End If
        Next
        Return SQL
    End Function
Doug faced a Faustian conundrum. He could add “execute” to the sqlwords list and be able to use stored procedures in the app, but the validator allowed such non-valid SQL as “Select coffee on sale” and “Press the delete key.” Adding “execute” would do nothing to actually validate the SQL being passed in.
In the end, he made the deal with the devil: he added “execute” to the sqlwords list. Wolfram and Hart Software would come one day to reap his soul, but not today.
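To see the gap Doug was weighing, here is an added example (not code from the Wolfram and Hart codebase) that runs the substring check from the story next to a check on the leading keyword only. The names ContainsSqlWord, StartsWithAllowedVerb and AllowedVerbs are hypothetical, and the sample strings are constructed for the demonstration.

```vb
Imports System
Imports System.Text.RegularExpressions

Module SqlTextCheckDemo
    ' Same behaviour as the story's validator: True if a keyword appears anywhere.
    Function ContainsSqlWord(ByVal value As String) As Boolean
        For Each word As String In New String() {"select", "insert", "update", "delete"}
            If value.ToLower().IndexOf(word) <> -1 Then Return True
        Next
        Return False
    End Function

    ' Hypothetical allowlist of statement verbs, including Doug's "execute".
    Private ReadOnly AllowedVerbs As String() = {"SELECT", "INSERT", "UPDATE", "DELETE", "EXECUTE"}

    ' Hypothetical stricter check: the first word of the text must be an allowed verb.
    Function StartsWithAllowedVerb(ByVal value As String) As Boolean
        If String.IsNullOrWhiteSpace(value) Then Return False
        Dim m As Match = Regex.Match(value, "^\s*([A-Za-z]+)\b")
        If Not m.Success Then Return False
        Return Array.IndexOf(AllowedVerbs, m.Groups(1).Value.ToUpperInvariant()) >= 0
    End Function

    Sub Main()
        ' Constructed sample inputs: two from the story, three made up here.
        Dim samples As String() = {
            "Select coffee on sale",
            "Press the delete key",
            "CREATE TABLE selected_items (id INT)",
            "EXECUTE dbo.GetOrders @id",
            "  update orders set total = 0"}
        For Each s As String In samples
            Console.WriteLine("{0,-40} substring={1,-5} leading-verb={2}",
                              s, ContainsSqlWord(s), StartsWithAllowedVerb(s))
        Next
    End Sub
End Module
```

The leading-keyword check only narrows which kind of statement is let through; "Select coffee on sale" still passes it, so neither function establishes that the text is valid SQL.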