• Guy Provost (unregistered)

    Know what ?

    This monstruosity is common in the Oracle World, with an apache module, you can do the same crap in PL/SQL!

    When I first saw that I said "This is a joke ?" and the guys I work with were all flabergasted that I didn't know that... like it was the usual and proper way to do that... They were frustrated at my reaction... Then I told them about stuff like CGI scripts, ASP and ASP.NET pages. This story isn't that old... 3 years ago, well after the creation of web scripting!

  • Barry Etter (unregistered)

    This technique isn't as bad as it seems depending on your application and the environment. By generating everything on the database server, you save multiple database hits and network round-trips.

    In this example, you see lots of individual SQL queries. Imagine if you had to execute all of these one at a time from the web server and transmit the results individually!

    Although, you typically see this is shops where the skill set is on the back-end languages rather than web scripting.

  • Hassan Voyeau (unregistered)

    Is there a limit on the length of string than you could select in a SQL statement? Would this affect the amount of html he could select?

  • In_Finite (unregistered)

    And what do you do when somebody decides to change site layout?

  • Eric Newton (unregistered)

    Yea, this is a great way to generate HTML... minimizing round trips to the DB machine!

    Oh heck... why not just have SQL server host the whole website on the database machine, skipping IIS altogether!

    Sweet! Now come back when your web designers want to change the look and feel of the web site. And come back when the schema of the database changes that change a column name or something similar... lets see the comments after that

    Sheesh.

  • Alex Papadimoulis (unregistered)

    "what do you do when somebody decides to change site layout?"

    Well, a lot of graphic designers had to learn HTML ... let's just teach SQL!

  • Lee (unregistered)

    Why is each colon in it's own column?

  • Catatonic (unregistered)

    This code is probably subject to cross-site scripting attacks. The least you must do, when building (X)HTML pages that might echo something the user typed in, is check for left angle brackets and change them to entities.

  • cooper (unregistered)

    "In this example, you see lots of individual SQL queries. Imagine if you had to execute all of these one at a time from the web server and transmit the results individually! "

    Honestly, though, the "correct" in my manner of thinking way to do this would be to have the SP simply do and optimistic join across all the relevant tables, or have a DB view set up, and roll up the results as needed into data object at the business layer.

  • cooper 2 (unregistered)

    In this example, you see lots of individual SQL queries. Imagine if you had to execute all of these one at a time from the web server and transmit the results individually! "

    Ya, that many queries on one little web page would definately be crazyiness ...!??

  • qwerty (unregistered)

    Great tip! But do you have any examples of how to process cookies and form posts with SQL? My company wants to cut server costs at our hosting.

    BTW, "No-Tier architecutre" I believe we saw that with DoNothing(). My coworkers excited about that exciting new paradigm.

  • qwerty (unregistered)

    "you typically see this is shops where the skill set is on the back-end languages"

    Very true. After all, every skilled SQL coder knows how much nested selects, conditional branches, and string ops can get the database screaming. inner joins are for n00bZ.

  • Ray (unregistered)

    I wonder if the guy wrote an extended stored procedure to run as an embedded web server in SQL Server? That'd be too cool. Or not.

  • El Fuge (unregistered)

    It might not be the application I was working on, but the code looks a lot like it!

    Two years I joined a team working on a rather large application written with ASP and MSSQL. The company'd been developing it for some three years before I joined as a developer.

    I spent virtually all my time cleaning out that kind of gunk from it. I quit after a year.

  • AIM48 (unregistered)

    "
    In this example, you see lots of individual SQL queries. Imagine if you had to execute all of these one at a time from the web server and transmit the results individually! "

    No - You could do something like.

    Declare @Whatever int;
    Select @whatever = (select bla bla bla) etc..

    Declare @Whatever2 int;
    Select @whatever2 = (select bla bla bla) etc..

    Select @Whatever as Col1, @whatever2 as col2

  • Mike Dimmick (unregistered)

    If you do multiple SELECTs in the same batch (command text, stored procedure, whatever) and their results are not assigned to variables, you get multiple resultsets.

    From an ADO Recordset, call NextRecordset. If you're using ADO.NET, call NextResult on the DataReader. The DataAdapter will Fill multiple DataTables, if supplied a DataSet.

  • Tim Haig-Smith (unregistered)

    To make this more evil why not just execute the sql in line ;) Love the hardcoded reference to the image file :)

Leave a comment on “SqlHtml”

Log In or post as a guest

Replying to comment #:

« Return to Article