- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Hey guys, come on. Why defend storing queries in XML, which is stored in a file somewhere? Most database support some form of stored procedure, where, you know, you simply call the procedure called "delete_authorization" and you can keep everything in one neat little package? Plus you get better control over access rights with stored procedures than with XML (I can only begin to imagine the horrors of XML-based access lists linked to db user accounts).
Admin
[post attempt 3]
Admin
There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy. --Hamlet 1:5, 166–167
-Harrow.
Admin
Admin
Well, customizing reports wouldn't work too well; if I were doing the sql in config thing, I'd use a separate user for that and limit its access to select only. I still prefer hardcoded sql when possible with column filters for customization.
Admin
Or, you know, some places keep stored procs out of the DB as a matter of policy (at amazon, sprocs are used for things like updating the last updated by column). The idea is to keep all business logic in the app layer.
Admin
I cannot imagine why people are defending the deliberate avoidance of stored procedures. Would you all also defend the deliberate non use of functions and subroutines since you can technically write one giant set of code to handle everything? What about when things change? It is far easier to change 2 relevant stored procedures that are called in 40 different places than to track down 40 places with vaguely similar hard coded sql and update them all one at a time.
Admin
Not really. It's easier to manage one deployed module that has sql + app logic in it than coordinate the module change with a db change. My example with the hardcoded sql doesn't have to mean that sql is embedded all over the place - in java, stick your sql in a dto package and you have a fairly contained place to make changes.
Admin
Admin
The code snippet from the article translated into English:
Admin
Admin
Admin
The query editor doesn't make sense. There is no difference in writing a stored procedure compared to writing the SQL statement in an XML file.
The language argument also doesn't hold. What DB interface supports multiple languages and refuses stored procedures?
But a DBA from hell, that could very well be TRWTF.
Admin
FTFY
Admin
Since IE
Oh wait...
Admin
Admin
...It would be, if the original poster wasn't topcod3r!
Admin
It just looks like ZendFrameworks method of doing stuff to me (ie wrong)
Admin
SQL in XML gives you a lot of flexibility, but flexibility is powerful and therefore dangerous, as the OP already showed.
And how are you going to run procedures that require a bit more processing, e.g. with variables or loops or commits or whatever if your db cannot even handle stored procs?
Admin
Of course, you want to make sure your developers understand how to use source control. It's a tool, not an end in itself.
Admin
Dear Sir. On what planet are stored procedures more slow than embedded sql (with or without the extra xml-parsing layer)?
Truly yours /
Admin
Looks like a primitive implementation of an object-sql mapper (maybe without the object mapping part). See iBATIS for example.
The problem with this code is lack of development rigor (i.e. design/testing/etc.), not in the concept itself. It's not like you can't misname/miscomment a stored procedure, view or DAO.
Depending on exactly how this is used, perhaps there is a better architecture, but the main purpose: not hard coding SQL in the application is met in a useful way.
Admin
Actually this makes perfect sense.
It started out as a delete, but a requirement came in to insert a new row after doing the delete. So the programmer changed the delete to a select (rows no longer deleted require no replacement insert) and made the comment an "insert" to satisfy the requirements document. But changing the name would require modifying programs that reference the query so the name was left as "delete".
See? Perfect sense. XP
Admin
Yeah those pesky databases, in fact, why bother with tables, store all the data in XML in the config files and never have to worry about tier mismatches again? Because as everyone knows, having a nice smooth release is the most important thing of all.
Oh no, wait, this is the real world! What about the several other systems that connect to the database: the ETL system for the data warehouse: The data dump from that supplier.
The best you can say for this is that at least it's a complete piece of SQL, I've seen so many systems where BITS of SQL were stored all over the place, pieced together from from HTTP request variable names, like this (from memory):
SQL = request(QryType) for each var in request.form if left(var,3) = "fld" then SQL = SQL + right(var,len(var)-3) + "," end if next SQL = left(SQL,len(SQL)-1) SQL = SQL + " FROM " + request("TlbName") ..... ad nauseum
I have a rule of thumb on system design: if you're doing some weird non-standard shit that goes against what 99.99% of the rest of the world are doing, you're either a visionary genius or there had really really better be a good reason.
There are very few visionary geniuses about, usually, it comes down to ignorance, stupidity or just not running it past someone with an actual brain.
Modular design: it's good for humans, cars, planes and computer systems.
Admin
Argh, brain explody!
Admin
Well, let's see:
now, your DB and app both contain business logic, and this is just another way to divide up the thing. Keeping the sprocs to a minimum means that (for a price) you can roll forward or back a few revs with near impunity on a piece of code and reduce the dependencies on your group's changes.
In the case I'm thinking of, it wasn't that the DBAs were dicks - they were just overworked doing DBA things, so keeping the sprocs away matched up with the available labor pool. In practice, it worked pretty well.
Oh, and if you can help it, never let your internal schema depend on what a supplier decides to send over - that's asking for pain.
Admin
You have a strange definition of happy. Then again, I'm rather allergic to XML. I have to wear gloves and safety glasses if I ever have to deal with it.
Admin
I know special cases are rare, but one special case is enough to knock any little bit of easy in a scheme using XML.
Admin
If you respond with a variant of "stored procs are better" then you fail. I'm not asking anything about stored procs, I want to know why this is horrible.
Admin
Here are a few things : It is considered by many to keep the presentation independent of the data structure. Any filtering and formatting is done on the presentation layer. (this is in response to the 'columns they want to see' idea).
XML is always a bad choice.
It's a bad choice for editing simply because of the volume of text that it requires to describe simple things. Calling it human readable is stretching readable. If you are putting it in a nice GUI and it doesn't look like XML, well, its not xml at that layer.
It's a bad choice for data transmission because of its complexity. An xml node tries to be a list, associative array and a scalar values all at the same time, and has an associative array of attributes tagged to it as well. This doesn't even get into the complexity of XML namespace issues.
It is horrible for parsing. You have the DOM choice, which gobbles up RAM. You have the SAX choice, which because of the scalar/list/hash-ness of the xml node, is very complex. You can't say a node is done being parsed until its closing tag is encountered. If you are doing depth first, that can be a long long long way off. The only decent parsing model is the pull model, and you will miss any data you are not expecting in that one.
XML does not allow a magical 'ooo, everyone understands this' transmission of data. Both sides need to agree stringently on a schema. This is true for any sort of data protocol. The only thing XML gets you is that it can be validated. Then again, other data formats can be as well, so big whoop.
Admin
Admin
Maybe, but what do you think the odds are this is designed like that simply because XML is popular? If you just have skill with a hammer....
Admin
XML is a decent interchange format because it's usually flexible enough to describe your data and it's fairly simple to make a data format and know that it'll work now and later after you add some fields (you can add fields to an xml stream and have it work, allowing noncoordinated format extensions).
XML is okay for a data storage format because it allows you to create a format and bung your data into it without much effort.
Basically, if space and cpu are less a concern than dev time (which is usually precious), XML works ok.
Admin
JSON can encapsulate the 3 common data containers - the scalar, the hash and the list - with complete ease. Translating back and forth between JSON data and a native data structure is very easy.
JSON is much better. Even YAML would be better. Even \n separated plain text is often preferable. Any of those require far less effort than XML does.
I would rather go with a csv that starts with a clear descriptive header. That is much faster in dev time. Any example I have above is faster in dev time. If the development speed is due to particular tools, again, the presentation layer display something that transcends XML, be it hover over meta-data or a pretty dom tree.
Yes, I demonize XML but that doesn't mean its the worst or that its unworkable. Just about any programmer can look at it and understand it, and for me, that may be its greatest feature.
Thanks for the spirited defence of it.
Admin
[quote user="Franz Kafka"] Basically, if space and cpu are less a concern than dev time (which is usually precious), XML works ok.[/quote]
I would rather go with a csv that starts with a clear descriptive header. That is much faster in dev time. Any example I have above is faster in dev time. If the development speed is due to particular tools, again, the presentation layer display something that transcends XML, be it hover over meta-data or a pretty dom tree.
Yes, I demonize XML but that doesn't mean its the worst or that its unworkable. Just about any programmer can look at it and understand it, and for me, that may be its greatest feature.
Thanks for the spirited defence of it.[/quote]
Given the choice between csv and xml, I'd go with xml - it's standardized, so if 2 orgs can agree on a format, they can expect to read each others' stuff. csv is nonstandard and hacky (see how it deals with quotes and backslashes). Hell, even excel generates csv that it can't read. I'd much prefer a fairly verbose xml thing if the other side of the producer/consumer is in some other company.
Admin
Admin
And the wonderful iBatis SQL Mapper lets you factor out all your SQL into patterns kept in XML files. iBatis makes it wonderfully convenient to execute queries safely (no SQL injection attacks) and conveniently. You can even switch from one DBMS to another by supplying alternate sets of XML files.
Admin
Admin
[quote user="Franz Kafka"][quote user="Franz Kafka"] Basically, if space and cpu are less a concern than dev time (which is usually precious), XML works ok.[/quote]
I would rather go with a csv that starts with a clear descriptive header. That is much faster in dev time. Any example I have above is faster in dev time. If the development speed is due to particular tools, again, the presentation layer display something that transcends XML, be it hover over meta-data or a pretty dom tree.
Yes, I demonize XML but that doesn't mean its the worst or that its unworkable. Just about any programmer can look at it and understand it, and for me, that may be its greatest feature.
Thanks for the spirited defence of it.[/quote]
Given the choice between csv and xml, I'd go with xml - it's standardized, so if 2 orgs can agree on a format, they can expect to read each others' stuff. csv is nonstandard and hacky (see how it deals with quotes and backslashes). Hell, even excel generates csv that it can't read. I'd much prefer a fairly verbose xml thing if the other side of the producer/consumer is in some other company.[/quote]
I didn't mean the horrible csv that Microsoft frankensteined, I mean a real cvs with a resonable escapes. Yes, the compaines have to agree on what the order and meanings of the columns are, but they would have to agree on an xml schema anyway. That agreement can be short, but can be glacial.
Admin
in early 2000 decoupling was the rage in software programming i too had fallen for it hook line and sinker. though not bad inherently, it does tend to confuse the average coders. also the code had so much overload that even though it was immensely flexible the users had a hard time getting it to run fast. and coders had a hard time debugging it in case configurations wouldn't suffice. database portability may have been in the developers mind..
Admin
This mean that's your SQL database design lack the abstract to manage per customer settings, please review it !
Admin
Admin
When the query plan isn't optimal for the arguments specified. When temp tables used inside stored procedures aren't optimised (they often aren't) and cause inefficient query plans internally. When the muppet who thought a string representing a date would work identically - when migrating to from in-line sql to a proc - to the correct date type of an indexed column that would result in an improved query plan. When statistics are stale and query plans are no longer optimal. I could go on, but my life is already foreshorted by database 'gurus' who don't understand even the most basic database internals.
Admin
Admin
All this talk about XML is missing the point, XML is for storing and transmitting data and it's really very good at it when used appropriately.
You can fit all sorts of quite complex data in it and that's its strength.
This is essentially a string of text, there's no benefit whatsoever from storing it in an XML file, you might as well store it in text files, another database table, whatever. The point is the most appropriate place to store your SQL is the database itself, that's what it's for.
Admin
TRWTF is that all daily WTF stories have these kind of continuity errors and you never noticed before.
Admin
In many ways, the main competitor for XML is ASN.1 because that also handles the multiple-naming-authorities problem. You probably don't want to write new things that use ASN.1 as a serialization format though as it is rather difficult to read without special support software. (CSV only works for simple tabular data, and implementations of it have some significant issues; it's best reserved as an if-all-else-fails interoperability format because of these things.)
Admin
Very good example of a big WTF on its own. And BTW, it is, it's, its
Admin
This made me reach for the upvote link. Alas there was none.
It's not the first time I wanted to upvote a comment here :)
Admin
Stored Procedures are slower than ad-hoc queries extracted from an XML-file???????? Where does this idiot come from?