"and is, in fact, quite brilliant."
Well, yeah - it's clearly intended to be adaptable to an embedded platform with no database.
Admin
#define ZERO 0
Admin
If you need to guard against that level of WTFery you need some new developers.
Admin
If you really want to make sure they last forever, store everything in a RAID array.
Admin
Maybe this was done for performance reasons? If the method BuildQuery is executed very frequently - we could get some gain, making those strings constant and not creating them each time the method is called.
Admin
Doesn't seem to me any more wtf than
in C. I doubt that the interpretation of integer values in boolean expressions in C is going to change any time soon.
But that's just me, I could be wrong.
Admin
and it's shorter, since you get to leave off the spaces and quotes every time.
Admin
edit: guess they never heard of StringBuilder either
Admin
Umm, TRWTF is that 1) he did not use an abstraction layer and 2) nobody else seems to find that odd.
Admin
I don't think the string constants are used many times, probably just complying with some overzealous build process, spewing warnings about the non-externalized strings in code. Hungarian notation is somewhat of a WTF these days (the "mstr" prefixes meaning "member of type string"). It is not an optimization, as someone suggested, the compiler is clever enough not to create new objects if static strings are used in the code. And you can't tell from the snippet whether PreparedStatements and positional parameters were used or not.
The code is pretty safe and simply avoiding unnecessary warnings by using constants. The purpose of the class seems to be avoiding common typos while writing SQL queries and avoiding some code repetition.
The real WTF: people thinking this code is WTF
Admin
You must be psychic if you can tell that by the posted code.
Admin
Yes it is, use a Stored Procedure, then you can track the name of the sproc in a constant. Much, much, better solution and it also works if Thundarr is roaming around with his amazing Sun Sword.
Admin
Yep, I've seen code like this, and the opposite, all within a few lines. This goes way back a bit, to CDC assembly language, but there was a compiler that defined "BCDBIT" to be "6" (the number of bits in a pre-ASCII character) and used that definition in about 33,000 places. But in almost every place it was used, it would break the code if BCDBIT was anything other than 6, as it usually was like shifting characters off the end of a 60-bit word.
So 33,000 uses of a useless constant, then every few lines, a few "magic numbers", like 72 for the number of columns per line to read in. Grrrr....
Admin
90% of what we do as programmers is talking to other people, and yet we allow tongue-tied incoherent nerds like ourselves to do it. Perhaps that's why there is so much WTF code out there.
Admin
But as we know from the previous future experience, they would anyway end up mangled like "s'ect" or "d'te". Or Voyager VI had only copper plates, not golden.
Admin
Now wait one cotton picking moment! Where the heck are the TABLE, VIEW & PROCEDURE constants! ;-)
Admin
Seems like a brilliant way to open yourself up to SQL injection attacks once someone forgets to validate whatever is going into or coming out of that function.
Admin
Not at all. With a proper abstraction layer (JDBC does not qualify), there is no need to write SQL code at all; the abstraction layer translates method calls on a query object into whatever query language the underlying RDBMS uses, which may or may not be some sort of SQL dialect.
Admin
You're all missing the point. The advantage is you don't have to type "quotes" all the time. Just look at the queries, they are very readable and fast to construct.
Admin
This pattern usually develops when a developer has to deal with the first scenario above. Even though code in the article solves very few real problems and is quite WTF-worthy in implementation, the concept is valid.
Admin
If you're writing magic sacrifice code to appease your angry IDE with no concern for readability or even sanity, then, yes, it is very wrong and you are very wrong.
Admin
It is quite clever. That is why there are these nifty things called stored procedures which fail to compile if you have typos.
Admin
You sir have obviously not seen Kung Pow. http://www.imdb.com/title/tt0240468/
I suspect that the person who wrote this abstraction layer is the "34% sparklier" guy in this article: http://www.joelonsoftware.com/items/2009/09/23.html
Admin
This looks like someone had a good idea (not to use "magic strings" in code) and took it too far.
Admin
Very basic stuff... the removed snippet would contain the building of each clause, the initialization of the clause strings just ensures there's whitespace between them. Nothing to see here...
captcha "jumentum" When Israel really gets moving on something?
Admin
Stored Procedures are nice, but not always needed. The real WTF here is that no one can read the SQL commands, or copy them into an interpreter shell.
A single, clear SQL string can be easily tested to see that it is correct. This is one of the very few cases where I like copy-paste programming. The SQL interpreter shell validates the command, and then the programmer pastes it into the code, possibly changing "?" for the sample parameters.
Admin
It's just poor man's LINQ.
Captcha: commoveo [Imp.] watch (SO.) climax
Admin
Maybe TDWTF should have a poll associated with each article so commenters can vote if it is a WTF or not.
Admin
TRWTF is that SQL keywords should be in capitals
Admin
Captcha: tation (that's no moon, that's a battle 'tation -- aka: I got nothing)
Admin
Err... a ton of comments and no mention of JDBC yet? This is Java code, shouldn't be putting params in raw strings. Only one comment so far about injection, only a couple about escaping...
Simply cannot believe this is being defended. It's appalling junk.
Admin
Really these should have been stored in a database table. Hard-coding constants like that is bad practice. Ideally, the database table would be accessed via a web service for portability.
Admin
It's also arguably easier to read without the quotes around the string literals. Although I don't particularly like this style, I generally only put things into constants which might change at some point, and SQL keywords clearly aren't one of those things. Also unless I really need to dynamically build SQL I put the entire SQL query in a single constant, which is much easier to read. I can't tell what the usage is in this example.
Admin
The plaque is from Pioneer, not Voyager. And it's actually gold anodized aluminum, but I think even Voyager's record was gold plated copper. The point about "s'ect" and "d'te" is well taken, however.
Admin
This gives you compile-time warning for typos. That would be one positive aspect.
Admin
Not wrong? Right, because who cares about avoiding SQL injection, or using stored procedures anyway, right?
Admin
Here are my results and now I want them in DESCENDING order. Oh Crap!
Admin
Why not just get the list of SQL keywords from the database ;)
Admin
The WTF here is that the expression value zero has always been logical false. Every other expression value has always been logical true. Not just 1 (one), every non zero expression.
IMHO we should always jump on the programmer who writes ...
(expression == TRUE)
... and perhaps question the use of language :-)
#define FALSE (0 != 0)
#define TRUE ((! FALSE))
Admin
I'd say the real WTF is using string concatenation to build the query (and probably not escaping it either), instead of using a parameterized query. In this case, the constants do help avoid typos.
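An added example, not part of the thread or of the article's code, showing the distinction several comments draw: keyword constants prevent typos but do nothing about a value concatenated into the SQL text, while a bound parameter does. It uses Python's sqlite3 so it runs without a database driver (its `?` placeholder plays the role of a JDBC PreparedStatement positional parameter); the constant names, table and input are constructed, and it goes one step past the thread by allow-listing the sort keyword, since keywords cannot be bound.

```python
import sqlite3

# Keyword constants in the spirit of the thread (names here are hypothetical).
SELECT, FROM, WHERE, ORDER_BY = "SELECT ", " FROM ", " WHERE ", " ORDER BY "
# Keywords cannot be bound as parameters, so caller input only selects one of these.
DIRECTIONS = {"asc": " ASC", "desc": " DESC"}

def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, role):
    """Constants for keywords, but the value is spliced into the SQL text."""
    sql = SELECT + "name" + FROM + "users" + WHERE + "role = '" + role + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, role, direction="asc"):
    """Same constants; the value is bound, the sort keyword is allow-listed."""
    if direction not in DIRECTIONS:
        raise ValueError("unsupported sort direction")
    sql = (SELECT + "name" + FROM + "users" + WHERE + "role = ?"
           + ORDER_BY + "name" + DIRECTIONS[direction])
    return [row[0] for row in db.execute(sql, (role,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "user' OR '1'='1"              # constructed input containing a quote
    print(lookup_concat(db, "user"))         # ordinary use
    print(lookup_concat(db, crafted))        # quote ends the literal; filter is bypassed
    print(lookup_param(db, crafted))         # bound as data; matches no role
    print(lookup_param(db, "user", "desc"))  # direction chosen from the allow-list
```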