Admin
But if he thinks he's the only one who is pedantic enough to notice then clearly the pedants (or at least that pedant) know the difference ;)
Oh...unless you were having a go at me....
Admin
I think it ultimately comes down to laziness, power, and ego.
For instance: some IT group controls servers that you use for development. So, any changes have to go through them. This is power.
Now you need something done on the server to support your project (which is actually going to make the company money, unlike them). But, they can't be bothered to understand the needs of your project, so you have to spell out exactly what you need done, and basically tell them how to do their job. This is laziness.
Then, if you suggest an improvement to this process, which will make life easier in general for both parties, they act offended and talk to you like you're a moron because you dared to question the Process. This is ego.
(The above is based on a true story.)
Sadly, it happens all the time. Someone insists things be done their way, even if it won't work, just because they're in charge: ego and power. Project manager doesn't invite you to relevant meetings: power and laziness. Someone refuses to accept a different approach to a problem because they'll have to change the way they do things: laziness and ego.
Now you might think stupidity should be in there, and while it's high on the list, I don't think it's nearly as damaging (with exceptions) as the other three. In my experience, stupid people will at least get out of your way (until they get infected with either ego or power).
It's not just in IT, mind you; this is a human failing, made worse by organizations.
Admin
I think you're right. It would need to be something like this:
That semicolon should make all the difference.
Admin
What database is this? Most databases treat SELECT * FROM (SELECT * FROM Table) as an error. You need to write SELECT * FROM (SELECT * FROM Table) please instead.
Admin
Good observation dude.
Admin
I saw a few syntax error references above...but wouldn't the single quotes cause an error? The '(Select... would close on ...e=' and then cause an error right?
CALL Query3('SPTST0001', '(SELECT a,b,c FROM x,y,z WHERE d=1 AND e='test' ORDER BY z.c)');
LVBarnes
Admin
please explain this CAPTCHA stuff, it sounds like a new fad I haven't yet caught on to...
Admin
wtf? what do you mean "Capthca = Cogo.. Torgo's cousin."
Admin
But it would work here. The stored procedure 'Query1' just executes some dynamic SQL (whatever is passed to it), thus the need to wrap the 'query' in parentheses.
Admin
Hope this query will fire the DBA:
CALL Query3('SPTST0001', 'x; DROP TABLE RawQuery; --');
Admin
Well my experience is more like the exact opposite:
Admin
He'll never make it as a consultant.
Admin
How does this "solution" make maintenance easier? Have they never heard of ALTER PROC? This really just blows my mind that a DBA (who should know better) would come up with such a clumsy ham fisted crap storm. I mean I can understand wanting all SQL queries run against the database to be in stored procs with parameters, but this?????? It is truly mind boggling.
Admin
Yep. I deal with that every day. I wish I had a nickel for every time I heard "It's probably there for a reason."
Admin
Sorry, but no.
"Reinventing the wheel" does not mean to change its design, form or material - it talks about the concept, which is undeniably the same for all your (and all other) examples of wheels.
CAPTCHA: inhibeo = (lat.) I hold in, I check ;o)
Admin
Not defending their practise, you understand. For supposedly skilled people to continue following a flawed policy and resist efforts to highlight its shortcomings is a pretty commonplace WTF. Sadly.
Admin
Sorry, this one lacks the whiff of credibility. Is %#% a parameterized query format for some database I am unfamiliar with or is the story that the DBA does a string replace in the "stored" queries?
While I am frequently astounded that the depths of human stupidity actually extend many fathoms further than I tend to give credit for (occasionally including my own lake of vacuousness), I find it hard to believe that a DBA would go to these depths to control the SQL run on their database yet would be unfamiliar with prepared statements/parametrized queries (but not so with stored procedures).
No database that I know of will allow you to use a bind parameter for a source/target (table name, column name, etc). So if this hack worked for SPTST0001, it would also work for every other query in the database by inclusion of an extra quote and/or semicolon, because the whole system was just string catting.
I'm dubious.
captcha eros: Sexy typos.
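The point raised in the comment above (a bind parameter cannot stand in for a table name, so filling `%1%` is plain string concatenation), shown as an added example that is not from the article or from any commenter. It uses Python's `sqlite3` as a stand-in database; the template text, table names and allowlist are assumptions, and only the id `SPTST0001` and the `%1%` placeholder style come from the thread.

```python
import sqlite3

# Constructed stand-in for the thread's table of "stored" queries. Only the id
# SPTST0001 and the %1% placeholder style come from the thread; the template
# text, table names and allowlist are assumptions for this example.
STORED = {"SPTST0001": "SELECT * FROM %1%"}
ALLOWED_TABLES = {"orders", "customers"}


def render_by_catting(query_id, arg):
    """The pattern under discussion: paste the caller's text into the template."""
    return STORED[query_id].replace("%1%", arg)


def render_checked(query_id, table):
    """Identifiers cannot be bound, so accept only exact names from an allowlist."""
    if table not in ALLOWED_TABLES:
        raise ValueError("table not allowed: %r" % (table,))
    return STORED[query_id].replace("%1%", '"%s"' % table)


def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE orders(id INTEGER, customer TEXT);"
        "CREATE TABLE payroll(salary INTEGER);"
        "INSERT INTO orders VALUES (1, 'alice'), (2, 'bob');"
        "INSERT INTO payroll VALUES (90000);"
    )
    # Catting: a parenthesised subquery in the "table name" slot reads a table
    # the stored query never mentioned.
    sub = "(SELECT salary FROM payroll)"
    leaked = db.execute(render_by_catting("SPTST0001", sub)).fetchall()
    # Checked: the same argument is refused before any SQL is built.
    try:
        render_checked("SPTST0001", sub)
        rejected = False
    except ValueError:
        rejected = True
    # Values (unlike identifiers) go through a bind parameter, so quotes in the
    # value are data and never change the statement.
    sql = render_checked("SPTST0001", "orders") + " WHERE customer = ?"
    odd = db.execute(sql, ("bob' OR '1'='1",)).fetchall()
    ok = db.execute(sql, ("bob",)).fetchall()
    return leaked, rejected, odd, ok


if __name__ == "__main__":
    print(demo())
```
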
Admin
Maybe he was doing some catting because he wanted the statements to be recompiled every time? For example, in Postgres, if all you do is make a stored procedure that runs a query after passing some bound variables, the query is only planned once. While this is a good thing sometimes, other times it's rather suboptimal, because the planner had no idea of what the bound values were: It'd run the same plan whether the query was supposed to retrieve ten rows or ten thousand. Plain catting is awful, but it does get around such problems.
Admin
It would depend on the database; some databases don't support binding parameterized queries and would treat % as a string replacement like a %s in C. For instance, the versions of Informix DBMS that I have used would allow this if the parameter was a varchar or text type.
Admin
Ok so the projects you've worked on had client developers, server developers, DBAs, PL/SQL developers, Sysadmins... etc... You might be surprised but sometimes projects just don't have 500 persons involved but 2-3 or even less. And some software guys are given more scope than just "you take care of this bolt, the rest is not your problem"
Admin
CAPTCHA: Your Mum (I think I got the hang of this now).
Admin
"When developers have to take advantage of security flaws in order to do what they need to do to get the job done, it's time review your architecture. And fire somebody."
This.
Admin
This is only true of people who are only reasonably competent. The genuine elite - the super-capable engineers - do not need to hoard or to announce themselves as elite. The telltale sign for a problem child? Someone who talks about being the best. Truly gifted engineers don't need to say anything: They're busy building great things. Most I've met are good natured and generous.
Admin
This is revealed truth. I learned 'take your best estimate and multiply by pi'.
Sometimes developers (like me) are tempted to come up with insanely tight time lines, perhaps in an effort to look talented and dedicated. Never do this! Always leave yourself time to recover!
When you beat your estimate, a little squirt of dopamine is released in the customer's brain.
When you fall behind, he will eat crabby patties.
-Cantalopian
Admin
Fantastic!! :-)
Admin
That is hysterical!
PS - Now I understand why there are people out there that hate stored procs.
Admin
Amazing. I love it. Thank you.
Admin
When I saw SELECT * FROM %1% I was actually expecting to see code load entire tables into arrays and do all of the filtering and sorting in VB...