  • sqldev (unregistered) in reply to Cbuttius
    Cbuttius:
    So if you can't write and use a stored procedure, use a trigger instead.

    Create some table and insert the parameterised records into it to generate the trigger.

    That gets you round the filter because INSERT is an approved word.

    Incidentally, SQLServer allows MERGE, which is a properly concurrent-safe "INSERT or UPDATE".

    Getting round software issues by writing even more complex code is seldom the correct decision, particularly if you are in a position to modify the code.

    That way lies the path to madness (and even more unsupportable software).

  • PiK (unregistered) in reply to Anonymous Paranoiac

    I hope you did it RIGHT and validated against MX records and not A records. Or (shudder) some list of "known top level domain names".

    I've lost count of the number of broken "email validators" I've seen that reject my perfectly valid email addresses (which use MX-only DNS records) but will happily accept garbage input.

  • PiK (unregistered) in reply to chubertdev
    chubertdev:
    Smouch:
    Seeing as he recognized the total uselessness of the validator function, why did he add the execute keyword at all?

    Why not comment out the code and replace it with

    return true;

    Because that's not using a function that has just "worked" for so long.

    When you play by the book and don't just rip things out when they've been in production, you're seen as more of a team player by the PHB. The more that you're willing to sacrifice your morals for what the people above want, the more money you're likely to make.

    QFT. Sadly.

  • PiK (unregistered) in reply to Coyne
    Coyne:
    He should have changed the function to do a regex. This matching pattern should have done it:
    /{s,d,ins,updat}*e{xe,le,le,rt}*{cu}*{te,ct}*/i

    (Oh yes, it only really matches an "e", but like the guy on the commercial said, "You're good!")

    But what's "sssselelecute"? Great Scrabble game there, BTW.
