• slinger (unregistered) in reply to Joe
    Joe:
    nonpartisan:

    Guessing here . . . something like:

    SELECT TOP 1 column FROM table ORDER BY column DESC;

    ?

    My SQL is rusty . . .

    Yes, but what if there are more than 1 with the same largest value?

    You should do a "SELECT DISTINCT TOP 1 FROM table ORDER BY column DESC;"

    Or depending on the flavor of SQL, you might need "WHERE ROWNUM = 1" instead of TOP 1.

    --Joe

    Assuming this no troll....

    1. the distinct is irrelevant
    2. I think (might be wrong) the order happens after the 'select top 1', so you will always get some arbitrary value back.
  • irlon (unregistered) in reply to no u
    no u:
    C-Octothorpe:
    no u:
    I always like to ask candidates...

    Unlikely...

    You're either a manager or a CS grad/student... Isn't it funny how it's hard to tell the difference?

    no idea what this is based on, but whether an internet troll finds it unlikely or not, it is the case.

    .. and for all the people offering solutions, you are all more or less coming up with the same answer, which is the one I had in mind. It always surprised me that others couldn't think of this, but maybe that is the pressure of an interview situation.

    Maybe you should hire from this site, then, if you've never had a candidate find that solution, yet about 5-10 people have opinions on the problem here similar to your own

  • boonie drinks his way across the ocean (unregistered) in reply to Hortical
    Hortical:
    C-Octothorpe:
    What's so difficult to understand? Is this piece of code vulnerable to SQLi? Yes, absolutely it is. Is the consumer always going to pass trusted data? Who knows...

    The trouble is that you're basing your views on an uncertainty, which is what you claim "everybody else" is doing wrong... Personally, I would rather not trust the caller and be sure that I can handle safe, malicious and garbage data.

    I guess you're far more trusting than myself and everybody else, including security experts, are...

    You're also failing to think about the junior devs who will maintain this code several years down the road. Do they know about sqli? Probably not. But at least you can be sure your piece of code is written safely and can handle it.

    Everyone knows about SQLi. There was an xkcd about it, so yes, even juniors.

    Let's imagine you go ahead and put SQL sanitization at every level of this program, including internal functions like the one shown.

    Years later, someone looks at it and thinks "What's with all the redundancy? I'm posting this to TDWTF!"

    Perhaps it's more the program's structure that is in question? If you're re-sanitizing several times, I think something is wrong.

    Granted you may not need to sanitize at every level, but I would think the point where the SQL is being created is the most sensible place to sanitize - rather than relying on someone sanitizing just before calling (which is probably more difficult/error prone).

    Once the statement is created, you have no (easy) way of knowing what has been added by the program, and what has been added by external forces, so sanitisation like escaping key characters is probably useless. It only really makes sense to sanitize input as it comes in...

    Presumably, the SQL is built in one place, and this is where the sanitization belongs - at the point you can still shit yourself and get out...

  • rweye (unregistered) in reply to mtj
    mtj:
    Andy:
    Lone Marauder:
    OK, I'll bite:

    I'm not a coder, just a lowly network grunt. Can someone explain the WTF here?

    SELECT count(*) FROM tblleads WHERE homenum = " + myHomeID + " AND reviewed = " + myStatus;

    Would be much faster as the DB can calculate it without fetching the whole (!) table with all (!!) data fields over the DB connection only to ignore the fields and count the rows...

    Opening the DB connection only to close it right afterwards is not very performant either. But that's another WTF...

    In fact "SELECT COUNT(homenum) FROM tblleads WHERE homenum = ? AND reviewed = ?;" is more what he wants.

    (Count(*) would be unnecessarily forcing the db to process all fields.)

    Maybe different Dbs are different, I remember being told that count(1) is more efficient than count(*) (in an ingres course way back when (read: a couple of years ago)), but askTom (which I think is more oracle based) claims count(*) is at least equivalent and probably more efficient than isolating a single column.

  • Robert (unregistered)

    Just Remember - http://xkcd.com/327/, these types of people are out there

  • molooloola (unregistered) in reply to This June's a Hot One
    This June's a Hot One:
    Kiss me I'm Polish:
    This should be:
    • Hey, SQL, can you tell me how many friends I have?
    • But certainly. You have 3 friends.

    But instead it is:

    • Hey, SQL, can you tell me everything about my friends?
    • Sure! There's Roy, he's kinda laid back, not very bright but ingenious, about 30 year old, he has some success with women, but his dates end up mostly in disaster. Then there's Moss, he's bright but socially awkward; lives with his mom, but makes up for it with technical skills, around 30, a little scared of women, you'll love him. Finally there's Kate, she's your ambitious graduate who just lands a job with computers by misfortune; she's the youngest, and probably the most adapted of them all; she compensates an obvious technical ineptitude with social skills.
    • Oh. I have 3 friends, then.
    Actually, my count is 0.

    You do realize that you just described the three main characters from the IT Crowd, don't you?

    Given (s)he even used their names, I'm guessing 'twas no accident, frenchy!

    Or were you trying to prove you could see the reference.

    On a totally unrelated topic, why does it seem like all registered users are trolls? Finally, is Hortical the original boog?

  • MB (unregistered)

    This horse has been beaten to death in this comment thread. The concept of what is "right" is as ephemeral as same-sex marriage. No one can say whether allowing MM or FF families to be full-fledged members of society is a bad thing, and no one can say whether a kid who is adopted in such scenarios will cause more damage to society than a "protected" application utility method. So why are we arguing? For some reason, we think we can be "right" or that society gives a damn about what my particular opinion is. Give it up. There is no right or wrong--this kind of feeling is what has kept males from being able to declare their union with other males to be as valid as a normal male's union with a female. Are we really that dependent on a single chromosome or a slightly more safety-conscious view of a private API? The answer is no. Feel free to disagree, but in no way do I feel like my forward-thinking society is in any way subordinate to the standard American way of thinking.

  • ted (unregistered) in reply to Robert
    Robert:
    Just Remember - http://xkcd.com/327/, these types of people are out there

    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "sanitation" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the family names their fag kid a name that will destroy the database.

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.

    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever. Unwiped Asshole.

  • MLB (unregistered) in reply to MB
    MB:
    This horse has been beaten to death in this comment thread. The concept of what is "right" is as ephemeral as same-sex marriage. No one can say whether allowing MM or FF families to be full-fledged members of society is a bad thing, and no one can say whether a kid who is adopted in such scenarios will cause more damage to society than a "protected" application utility method. So why are we arguing? For some reason, we think we can be "right" or that society gives a damn about what my particular opinion is. Give it up. There is no right or wrong--this kind of feeling is what has kept males from being able to declare their union with other males to be as valid as a normal male's union with a female. Are we really that dependent on a single chromosome or a slightly more safety-conscious view of a private API? The answer is no. Feel free to disagree, but in no way do I feel like my forward-thinking society is in any way subordinate to the standard American way of thinking.
    Your diatribe is not at all interesting, but your viewpoint is. So, you're MB, eh? I'm guessing that stands for ultra-Nazi Michelle Bachman? No? Well, I'll assume you left the "League" out then. It's amazing how in Baseball that there is not one single homosexual family relationship when homosexuals naturally consist of 35% of the natural couples in the U.S. Why does "The Organization" see fit to hide it? Or do the ones that are in there just think that "coming out" is something that would hurt their tendency as athletes? Never mind. STFU, because I don't want to hear your "scientific" proofs regarding how men who desire women are more fit to hit a baseball than men who desire other men. Your ilk were the first to be sexist, then the first to be racist, and then the first to be homophobes. Die and burn in whatever your religion foolishly regards as Hell. Ye gods, I wish the lake of fire really existed.
  • midas (unregistered) in reply to ted

    This reminds me of http://xkcd.com/169/

  • Waffle (unregistered)

    That's just some lazy cut and paste scripting by a coder who hasn't done SQL before and lied about it in the job interview. I've seen far, far worse than this on every second contract role I've done by n00bs who just got out of university.

    I've done plenty of this sort of cut-n-paste scripting for clients who won't pay for me to do the job properly. Gives me a lot of performance optimisation work down the road when the client is finally making money off the software.

  • (cs) in reply to Bill C.
    Bill C.:
    You could do a descending order-by of the column, and then just pick off the top row ("Select Top 1" in SQL Server, "Where rownum=1" in Oracle).
    In Oracle, at least, rownum is evaluated before the sort. You need to use a subquery to use this method.

    For the problem of returning other columns in the row with the highest value of a given column, in Oracle I'd typically use the rank() analytic function. This also allows you to do grouping etc.

    select col1, col2, col3 from (select col1, col2, col3, rank() over (partition by col1 order by col2 desc) as rnk from my_table ) where rnk = 1

    This will get you one record for each distinct value of col1, with a maximal value of col2, and the associated value of col3.

    You could do "Where Not Exists (<row with a higher value>)".
    Apart from adding to the query complexity (especially if your "table" is actually several tables joined together), you're now returning multiple rows if the maximum is not unique. Of course you can get around this with a DISTINCT, as long as you're only after the maximum value itself.
    Tim:
    SELECT -MIN(-theColumn) FROM theTable;
    Yes, I bet that works really well for string or date columns.
  • Amol (unregistered)

    Wow... a programmer who did not forget to close the connection!!

    CAPTCHA: inhibeo (WTF???)

  • (cs) in reply to mike
    mike:
    There is no cost to using prepared statements for field substitution. Indeed, its use can improve performance when multiple queries are made. Used consistently, it makes your code provably invulnerable to SQL injection attacks. It avoids other potential bugs that come from data changes (spaces, commas, etc in your fields). For very good reasons, it is the current best practice for forming SQL string queries.

    Using string concatenation for SQL field substitution is always the wrong way to do it. It promotes sloppiness in your code base, provides dangerous sample code for people coming on later to the project, and it is a hole in your code where you can't unequivocally claim there is no chance for SQL injection attacks. Arguing that it doesn't matter shows a deliberate disregard for good programming practices.

    Finally someone who gets it instead of making up excuses. Thank you!

  • .net way back (unregistered)

    To be fair.. at least he used a DataReader to loop over the records.. I mean he could have used a DataSet which is a power of magnitude slower.. At least way back when I used to code .net.

    Not that it excuses him from horrible database code. A return parameter would have done nicely.

  • junior (unregistered) in reply to Kuba

    There is a cost to splitting your code, just as there is a cost to using globals.

    There is a cost to adding stored procedures to your data (even simple ones) just as there is a cost to keeping all your query language in your application.

    I appreciate that for most people, using the tools most people use, the balance is for using only named procedures.

    I was surprised at the code, so for me it was a WTF, but that doesn't mean it's wrong. I grew out of thinking that everything I didn't understand was wrong after the first couple of years.

  • (cs)

    --- How long was the contract, clearly he couldn't finish the development in time with that kind of code ---

    SELECT COUNT(*) FROM dbTable

  • Kill Bill #3 (unregistered) in reply to Joe
    Joe:
    nonpartisan:

    Guessing here . . . something like:

    SELECT TOP 1 column FROM table ORDER BY column DESC;

    ?

    My SQL is rusty . . .

    Yes, but what if there are more than 1 with the same largest value?

    You should do a "SELECT DISTINCT TOP 1 FROM table ORDER BY column DESC;"

    Or depending on the flavor of SQL, you might need "WHERE ROWNUM = 1" instead of TOP 1.

    --Joe

    Interesting. Select top 1 returning more than 1 row? You might need a new "integer" unit for your hardware. Pentium 3.3333333333333333, anyone?

  • Kill Bill #3 (unregistered) in reply to MLB
    MLB:
    MB:
    This horse has been beaten to death in this comment thread. The concept of what is "right" is as ephemeral as same-sex marriage. No one can say whether allowing MM or FF families to be full-fledged members of society is a bad thing, and no one can say whether a kid who is adopted in such scenarios will cause more damage to society than a "protected" application utility method. So why are we arguing? For some reason, we think we can be "right" or that society gives a damn about what my particular opinion is. Give it up. There is no right or wrong--this kind of feeling is what has kept males from being able to declare their union with other males to be as valid as a normal male's union with a female. Are we really that dependent on a single chromosome or a slightly more safety-conscious view of a private API? The answer is no. Feel free to disagree, but in no way do I feel like my forward-thinking society is in any way subordinate to the standard American way of thinking.
    Your diatribe is not at all interesting, but your viewpoint is. So, you're MB, eh? I'm guessing that stands for ultra-Nazi Michelle Bachman? No? Well, I'll assume you left the "League" out then. It's amazing how in Baseball that there is not one single homosexual family relationship when homosexuals naturally consist of 35% of the natural couples in the U.S. Why does "The Organization" see fit to hide it? Or do the ones that are in there just think that "coming out" is something that would hurt their tendency as athletes? Never mind. STFU, because I don't want to hear your "scientific" proofs regarding how men who desire women are more fit to hit a baseball than men who desire other men. Your ilk were the first to be sexist, then the first to be racist, and then the first to be homophobes. Die and burn in whatever your religion foolishly regards as Hell. Ye gods, I wish the lake of fire really existed.

    Or, for fun, try reading the comment. Admittedly off-topic, it does not appear to say "gay = bad".

  • (cs) in reply to notregistered
    notregistered:
    With regards to SQL, it is completely acceptable assuming that the input is correctly escaped to make SQL injection impossible. These "*NEVER*" comments tend to identify coders that have only been exposed to very limited problems and environments.

    With regards to non-SQL string concatenation NEVER being acceptable, you are an idiot.

    Fair enough. If you can give me an example of when it's OK to intentionally write SQL injectable code via string concatenation, then I will withdraw my NEVER statement. Otherwise, you're the idiot...

  • (cs) in reply to Geoff
    Geoff:
    This is all in a function so the dataset is going to go out of scope, he is not using it for anything else; it's a big waste of time retrieving it. It's also worth pointing out that the adodb object has a count property. The loop is likely not needed even running the query he did, but in fairness sometimes that value is not correct until the movelast() method/function gets called.
    Um, presuming that databases don't work radically different between JDBC and whatever acronym Microsoft is using, what you just described is probably highly inefficient, and not much different from the code at hand, except that you do the counting in the database.

    You don't know how many rows to expect before you've fetched all of them.

    Geoff:
    Oh and he is using cmdtext rather than calling a procedure with position parameters, usually not ideal. I don't see any input validation but depending on where myHomeID and MyStatus are coming from that may or may not be a WTF as well.
    In my personal opinion, input validation in an API (presuming, again, that this is an API) is something I never do. If you don't know what parameters to pass to my method, don't invoke it to begin with.

    Input from an end user, now that is a different story.

  • (cs) in reply to This June's a Hot One
    This June's a Hot One:
    Kiss me I'm Polish:
    This should be:
    • Hey, SQL, can you tell me how many friends I have?
    • But certainly. You have 3 friends.

    But instead it is:

    • Hey, SQL, can you tell me everything about my friends?
    • Sure! There's Roy, he's kinda laid back, not very bright but ingenious, about 30 year old, he has some success with women, but his dates end up mostly in disaster. Then there's Moss, he's bright but socially awkward; lives with his mom, but makes up for it with technical skills, around 30, a little scared of women, you'll love him. Finally there's Kate, she's your ambitious graduate who just lands a job with computers by misfortune; she's the youngest, and probably the most adapted of them all; she compensates an obvious technical ineptitude with social skills.
    • Oh. I have 3 friends, then.
    Actually, my count is 0.

    You do realize that you just described the three main characters from the IT Crowd, don't you?

    No he didn't, it's complete coincidence. If he did, the girl would be named Jen.

  • (cs) in reply to Hortical
    Hortical:
    Funny, I thought that's what you were doing, back there were you were making assumptions as though they were facts. And that part where (someone else, not even you) made an absolute statement and when I questioned its absoluteness, you call me unreasonable?

    Meta-arguing. One of internet's finest inventions.

  • Anonymous (unregistered) in reply to no u
    no u:
    Canthros:
    I'm mostly reminded of a job interview where the technical portion of the interview asked a SQL question about getting the largest value from a given column. Max() being the answer, of course. I asked if it was a trick question or if they were after something obscure involving OLAP or something, it seemed too obvious when the job description specified SQL experience.

    Now, I see that my faith in humanity is just too high.

    I always like to ask candidates who claim to have problem solving skills and/or sql experience the following question:

    What is an sql query you could use to return (only) the largest value in a particular column without using the max function. (they have an example table in front of them which I use for other simple questions also). I don't think anyone has ever given me a correct answer.. despite it being ridiculously simple.

    I was once asked this in an interview many years ago and the answer seemed trivial.

    select col from t1 where not exists (select col from t2 where t2.col > t1.col)

  • Anonymous (unregistered) in reply to Anonymous
    Anonymous:
    no u:
    Canthros:
    I'm mostly reminded of a job interview where the technical portion of the interview asked a SQL question about getting the largest value from a given column. Max() being the answer, of course. I asked if it was a trick question or if they were after something obscure involving OLAP or something, it seemed too obvious when the job description specified SQL experience.

    Now, I see that my faith in humanity is just too high.

    I always like to ask candidates who claim to have problem solving skills and/or sql experience the following question:

    What is an sql query you could use to return (only) the largest value in a particular column without using the max function. (they have an example table in front of them which I use for other simple questions also). I don't think anyone has ever given me a correct answer.. despite it being ridiculously simple.

    I was once asked this in an interview many years ago and the answer seemed trivial.

    select col from t1 where not exists (select col from t2 where t2.col > t1.col)
    Oops, should be select top 1 col from tab where not exists (select col from tab t2 where t2.col > tab.col)

  • The Poop... of DOOM (unregistered) in reply to boonie drinks his way across the ocean
    boonie drinks his way across the ocean:
    Hortical:
    C-Octothorpe:
    What's so difficult to understand? Is this piece of code vulnerable to SQLi? Yes, absolutely it is. Is the consumer always going to pass trusted data? Who knows...

    The trouble is that you're basing your views on an uncertainty, which is what you claim "everybody else" is doing wrong... Personally, I would rather not trust the caller and be sure that I can handle safe, malicious and garbage data.

    I guess you're far more trusting than myself and everybody else, including security experts, are...

    You're also failing to think about the junior devs who will maintain this code several years down the road. Do they know about sqli? Probably not. But at least you can be sure your piece of code is written safely and can handle it.

    Everyone knows about SQLi. There was an xkcd about it, so yes, even juniors.

    Let's imagine you go ahead and put SQL sanitization at every level of this program, including internal functions like the one shown.

    Years later, someone looks at it and thinks "What's with all the redundancy? I'm posting this to TDWTF!"

    Perhaps it's more the program's structure that is in question? If you're re-sanitizing several times, I think something is wrong.

    Granted you may not need to sanitize at every level, but I would think the point where the SQL is being created is the most sensible place to sanitize - rather than relying on someone sanitizing just before calling (which is probably more difficult/error prone).

    Once the statement is created, you have no (easy) way of knowing what has been added by the program, and what has been added by external forces, so sanitisation like escaping key characters is probably useless. It only really makes sense to sanitize input as it comes in...

    Presumably, the SQL is built in one place, and this is where the sanitization belongs - at the point you can still shit yourself and get out...

    I'd say sanitization at two levels is the very minimum:

    1. When the input comes in

    2. When the input goes into an SQL statement

    1. is so you won't have any other problems anywhere in your code (like trying to divide by 0, or using a string as an int in strongly-typed languages). This is mainly so all the code that handles it, will get the right input.

    2. is in case some input slipped the net in 1. or gets messed up during its way to arrive here.

    Any other sanitization is either necessary or not, depending on the type of project and how it's managed. If it's me doing all the code, or me and two other guys whom I know for sure will do a proper job, then there's no point. If it's a team of 50, all programming against interfaces others write, then you better do sanitization at every level.
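An added example, not code from the article or from any commenter: the thread's tblleads count query built by concatenation beside the parameterized form recommended earlier in the thread, followed by the two-level check (input boundary, then SQL construction) described in the comment above. It uses Python's sqlite3 with an in-memory table instead of the .NET/ODBC stack under discussion; the rows, the function names and the hostile sample value are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory tblleads with constructed rows (column names from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tblleads ("
        "id INTEGER PRIMARY KEY, homenum INTEGER, reviewed INTEGER, notes TEXT)"
    )
    conn.executemany(
        "INSERT INTO tblleads (homenum, reviewed, notes) VALUES (?, ?, ?)",
        [(1, 0, "a"), (1, 1, "b"), (1, 1, "c"), (2, 0, "d"), (2, 1, "e")],
    )
    return conn


def count_concat(conn, my_home_id, my_status):
    """Concatenation, as in the thread's query: the values become SQL text."""
    sql = (
        "SELECT COUNT(*) FROM tblleads WHERE homenum = "
        + str(my_home_id)
        + " AND reviewed = "
        + str(my_status)
    )
    return conn.execute(sql).fetchone()[0]


def count_param(conn, my_home_id, my_status):
    """Placeholders: the SQL text is fixed and the values are bound as data."""
    sql = "SELECT COUNT(*) FROM tblleads WHERE homenum = ? AND reviewed = ?"
    return conn.execute(sql, (my_home_id, my_status)).fetchone()[0]


def parse_int_field(raw, name):
    """Level 1 (input boundary): accept only a plain non-negative integer."""
    text = str(raw).strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        raise ValueError(f"{name}: expected an integer, got {raw!r}")
    return int(text)


def count_leads(conn, raw_home_id, raw_status):
    """Both levels: validate where input arrives, bind where SQL is built."""
    home_id = parse_int_field(raw_home_id, "homenum")
    status = parse_int_field(raw_status, "reviewed")
    return count_param(conn, home_id, status)


def demo():
    """Run each variant on a normal value and on a constructed hostile value."""
    conn = make_db()
    hostile = "1 OR 1=1"  # constructed sample of input that is not a number
    results = {
        "concat_normal": count_concat(conn, 1, 1),
        "concat_hostile": count_concat(conn, 1, hostile),
        "param_normal": count_param(conn, 1, 1),
        "param_hostile": count_param(conn, 1, hostile),
    }
    try:
        count_leads(conn, "1", hostile)
        results["validated_hostile"] = "accepted"
    except ValueError:
        results["validated_hostile"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the concatenated form the hostile value rewrites the WHERE clause and the count covers every row; bound as a parameter it is compared as a value and matches nothing, and the boundary check rejects it before any SQL is built.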

  • Richard Davis (unregistered)

    Follows the pseudocode equivalent of some code I came across way back. The original was in C with libraries for variable length strings and arrays.

    Select an integer column from a table
    fetch loop
        sprintf the integer in to a string
        append a pointer to the string to a variable-length array

    initialise a running total to zero
    Then a second loop went through the array, for each
        Convert the string to an integer
        Add the integer to a running total

    return the running total

  • (cs) in reply to no u
    no u:
    I always like to ask candidates who claim to have problem solving skills and/or sql experience the following question:

    What is an sql query you could use to return (only) the largest value in a particular column without using the max function. (they have an example table in front of them which I use for other simple questions also). I don't think anyone has ever given me a correct answer.. despite it being ridiculously simple.

    I'm amazed that you've never got a correct answer (unless you've only asked it once or twice). Fair enough if it's an entry-level job, not if it's for a DB guy, because it is trivial

  • Anonymous Cow-Herd (unregistered) in reply to method1
    method1:
    no u:
    I always like to ask candidates who claim to have problem solving skills and/or sql experience the following question:

    What is an sql query you could use to return (only) the largest value in a particular column without using the max function. (they have an example table in front of them which I use for other simple questions also). I don't think anyone has ever given me a correct answer.. despite it being ridiculously simple.

    I'm amazed that you've never got a correct answer (unless you've only asked it once or twice). Fair enough if it's an entry-level job, not if it's for a DB guy, because it is trivial

    Of course, it is. All you need is some correction fluid to cover it up on the screen.

    SELECT MAX(whatever) FROM wherever
  • Omer Katz (unregistered) in reply to KaBlah

    Results count is 0. You are not the first and definitely not the frist.

  • (cs) in reply to nonpartisan
    nonpartisan:
    no u:
    Canthros:
    I'm mostly reminded of a job interview where the technical portion of the interview asked a SQL question about getting the largest value from a given column. Max() being the answer, of course. I asked if it was a trick question or if they were after something obscure involving OLAP or something, it seemed too obvious when the job description specified SQL experience.

    Now, I see that my faith in humanity is just too high.

    I always like to ask candidates who claim to have problem solving skills and/or sql experience the following question:

    What is an sql query you could use to return (only) the largest value in a particular column without using the max function. (they have an example table in front of them which I use for other simple questions also). I don't think anyone has ever given me a correct answer.. despite it being ridiculously simple.

    I was once asked this in an interview many years ago and the answer seemed trivial.

    Guessing here . . . something like:

    SELECT TOP 1 column FROM table ORDER BY column DESC;

    ?

    My SQL is rusty . . .

    "120."

    "What?"

    "120. It's the largest value in that column."

    "?!?."

    "Look, right here in the table you're showing me. 12, 43, 1, 17, 12, 22, 75, 8, 120, 54, 86, 2. The largest value is 120."

    "Ah. Um, OK, fair enough. Let's see, next question..."

    Addendum (2011-06-28 08:10): "Oh, hang on - you asked me to come up with an SQL query to return the largest value in that column."

    "Yes I did. I'm glad you've realised that."

    "Select 120;"

    "What?!?"

    "Select 120;"

    "Oh."

    etc

  • Hidden Man (unregistered) in reply to no u

    Sure it is a WTF level of stupid. There is no reason to not use a prepared statement. If you follow best practices every time, you are less likely to fail to follow them when it counts.

    Plus, you are assuming that there is no layer where a disgruntled Dev might be able to insert harmful SQL. Sure, peer reviewed code would prevent that, but obviously that isn't really something that happens at the place this code resides.

    Couple that with the fact from the story that the contractor is not a novice, but an "expert" and you start to see why his code is a WTF.

    Is the SQL injection the only WTF? No. Is it one in a litany of others, yes!

  • enim (unregistered) in reply to Hidden Man
    Hidden Man:
    Uninformed blah blah blah There is no reason to not use a prepared statement. Repeated blah blah blah
    orly? Why don't you look up when SQL Server started supporting prepared statements. GIYF. How does your foot taste?
  • boog (unregistered) in reply to enim

    Who cares?

    Damn you, askimet!

  • NeonSnake (unregistered)

    We have something similar here in the old code. Get first record:

    DbCommand.CommandText = "select * from tblleads where homenum = " + myHomeID + " and reviewed = " + myStatus + " order by whatever desc";
    OdbcDataReader DbReader = DbCommand.ExecuteReader();

    string firstRecordVal = "";
    while (DbReader.Read())
    {
        firstRecordVal = DbReader[0].ToString();
    }

  • (cs) in reply to enim
    enim:
    Hidden Man:
    Uninformed blah blah blah There is no reason to not use a prepared statement. Repeated blah blah blah
    orly? Why don't you look up when SQL Server started supporting prepared statements. GIYF. How does your foot taste?

    I don't get it. sp_executesql, which is used by SqlCommand parameters, existed in SQL Server 2000. The SqlParameter class exists since .net 1.1.

  • feugiat (unregistered) in reply to GFK
    GFK:
    enim:
    Hidden Man:
    Uninformed blah blah blah There is no reason to not use a prepared statement. Repeated blah blah blah
    orly? Why don't you look up when SQL Server started supporting prepared statements. GIYF. How does your foot taste?

    I don't get it. sp_executesql, which is used by SqlCommand parameters, existed in SQL Server 2000. The SqlParameter class exists since .net 1.1.

    I don't understand what you're trying to say (and you probably don't either)--are you saying there is no possibility that this code was for a system prior to SQL Server 2000? If so, you're pretty dumb.

    No wait. Your not dumb! But I do have a bridge to sell you...

  • (cs) in reply to bertram
    bertram:
    I don't know the language/libraries, but I'd wager "i" doesn't need to be a long.

    Must admit this all doesn't seem particularly WTFy. It's more like a lot of little naive things. I suppose the WTF is supposed to be the context of this guy thinking he's awesome.

    Returning all columns of all rows rather than a COUNT(*) is more than a little thing. Of course, it's possible that this function runs once a day as part of some daily process which takes hours and so if it (the function) runs in, say, 2 minutes vs. 1 second nobody will care.

  • The Poop... of DOOM (unregistered) in reply to SQLDave
    SQLDave:
    bertram:
    I don't know the language/libraries, but I'd wager "i" doesn't need to be a long.

    Must admit this all doesn't seem particularly WTFy. It's more like a lot of little naive things. I suppose the WTF is supposed to be the context of this guy thinking he's awesome.

    Returning all columns of all rows rather than a COUNT(*) is more than a little thing. Of course, it's possible that this function runs once a day as part of some daily process which takes hours and so if it (the function) runs in, say, 2 minutes vs. 1 second nobody will care.

    Except if the entire daily process consists of nothing but processes that take 2 minutes while they could take 1 second instead. It would mean that a process taking 2 hours could've possibly taken 1 minute.

    If, on the other hand, this function is the ONLY highly inefficient part of code, it doesn't matter indeed.

  • boog (unregistered) in reply to The Poop... of DOOM
    The Poop... of DOOM:
    SQLDave:
    bertram:
    I don't know the language/libraries, but I'd wager "i" doesn't need to be a long.

    Must admit this all doesn't seem particularly WTFy. It's more like a lot of little naive things. I suppose the WTF is supposed to be the context of this guy thinking he's awesome.

    Returning all columns of all rows rather than a COUNT(*) is more than a little thing. Of course, it's possible that this function runs once a day as part of some daily process which takes hours and so if it (the function) runs in, say, 2 minutes vs. 1 second nobody will care.

    Except if the entire daily process consists of nothing but processes that take 2 minutes while they could take 1 second instead. It would mean that a process taking 2 hours could've possibly taken 1 minute.

    If, on the other hand, this function is the ONLY highly inefficient part of code, it doesn't matter indeed.

    Who cares?

  • Dereleased-work (unregistered) in reply to Joe

    A few more flavors for kicks:

    SELECT column FROM table ORDER BY column DESC LIMIT 1;

    SELECT column FROM table ORDER BY column DESC FETCH FIRST 1 ROWS ONLY;

  • (cs) in reply to molooloola
    molooloola:
    On a totally unrelated topic, why does it seem like all registered users are trolls?
    I've wondered this myself; I think it has to do with 1) the increasingly vague definition for "troll", and 2) the fact that it is so much easier to call the stranger disagreeing with you a "troll" than to refute their claims in any logical or intelligent way ("argumentum ad hominem").

    Naturally "all registered users" (as you say) would at some point seem like a troll, since they aren't constantly changing their names to hide from their prior offenses, as is common among some (not all) unregistered users.

    molooloola:
    Finally, is Hortical the original boog?
    No. I have only one registered username, and the only time I ever post with a different, unregistered username is when referring to featured WTFs that I submitted. In such cases I use my real first name, which isn't "Hortical".
  • boog (unregistered) in reply to boog
    boog:
    I have only one registered username.
    That's very unlikely.
  • (cs) in reply to feugiat
    feugiat:
    GFK:
    enim:
    Hidden Man:
    Uninformed blah blah blah There is no reason to not use a prepared statement. Repeated blah blah blah
    orly? Why don't you look up when SQL Server started supporting prepared statements. GIYF. How does your foot taste?

    I don't get it. sp_executesql, which is used by SqlCommand parameters, existed in SQL Server 2000. The SqlParameter class has existed since .NET 1.1.

    I don't understand what you're trying to say (and you probably don't either)--are you saying there is no possibility that this code was for a system prior to SQL Server 2000? If so, you're pretty dumb.

    No wait. You're not dumb! But I do have a bridge to sell you...

    There's a possibility that it did, but there's a fair probability that it didn't. Keep your bridge for yourself, you might need it.

  • (cs) in reply to boog
    boog (clueless copycat):
    boog (witless wannabe):
    boog (meta meddler):
    My, you're an unoriginal troll, aren't you?
    Says boog of wall people
    Says wall of boog people
    It seems I missed out on a lot of fun yesterday. How many fake boog comments was that in just one day? I'm impressed!

    I never realized I had so many fans.

  • iusto (unregistered) in reply to GFK
    GFK:
    feugiat:
    GFK:
    enim:
    Hidden Man:
    Uninformed blah blah blah There is no reason to not use a prepared statement. Repeated blah blah blah
    orly? Why don't you look up when SQL Server started supporting prepared statements. GIYF. How does your foot taste?

    I don't get it. sp_executesql, which is used by SqlCommand parameters, existed in SQL Server 2000. The SqlParameter class has existed since .NET 1.1.

    I don't understand what you're trying to say (and you probably don't either)--are you saying there is no possibility that this code was for a system prior to SQL Server 2000? If so, you're pretty dumb.

    No wait. You're not dumb! But I do have a bridge to sell you...

    There's a possibility that it did, but there's a fair probability that it didn't. Keep your bridge for yourself, you might need it.

    Like someone said on here earlier: you cannot make any assumptions that you are not given. You THINK that it exists in a stored-procedure world, but I have enough evidence here to show the likelihood that it did not exist at authorship.

    In case you don't realize the reference: the "bridge" is similar to the idea of "ocean-front property in Arizona". The fact that I offered it to you shows that I don't think you're smart enough to realize that neither exists.

  • boog (unregistered) in reply to boog
    boog:
    boog (clueless copycat):
    boog (witless wannabe):
    boog (meta meddler):
    My, you're an unoriginal troll, aren't you?
    Says boog of wall people
    Says wall of boog people
    It seems I missed out on a lot of fun yesterday. How many fake boog comments was that in just one day? I'm impressed!

    I never realized I had so many fans.

    Who cares?

  • (cs) in reply to boog
    boog (feeble-minded facsimile):
    boog:
    I have only one registered username.
    That's very unlikely.
    Oh sorry, I meant to say only one registered username on this site. Thanks for calling that to my attention.

    Surely I have registered usernames at other websites too.

  • (cs) in reply to boog
    boog (inane imitator):
    boog:
    boog (clueless copycat):
    boog (witless wannabe):
    boog (meta meddler):
    My, you're an unoriginal troll, aren't you?
    Says boog of wall people
    Says wall of boog people
    It seems I missed out on a lot of fun yesterday. How many fake boog comments was that in just one day? I'm impressed!

    I never realized I had so many fans.

    Who cares?
    Who doesn't?

Leave a comment on “A More Better Way to Count”
