• Ollie Jones (unregistered)

    Exclude the anchovy topping from my frist pizza, please.

  • Dude (unregistered)

    Does it use query params? Those look like format params to me...

  • Drak (unregistered)

    Record Count From THIS Clause is what I believe they meant.

  • Abigail (unregistered)

    I don't see where query parameters are used -- they're usually called '?'. I do see '%s' which smells (s)printf to me. Which opens all the doors to SQL injection.

  • (author) in reply to Ollie Jones

    I'll have yours. Anchovy is great, and haters are wrong.

  • (author) in reply to Abigail

    I'm admittedly giving them the benefit of the doubt, as I have seen query layers which use % params instead. I could easily be wrong, though.

  • Prime Mover (unregistered)

    Anchovy, pineapple and chocolate, please.

  • S's cat (unregistered)

    ASC_SQL_KEYWORD is long but it has a big advantage over using "ASC" everywhere -- if you misspell it as ACS_SQL_KEYWORD you get a compilation error but if you mistype the actual keyword as "ACS" in a hand-typed query you get an error at runtime, which may or may not be well handled by the code.

  • Sole Purpose Of Visit (unregistered) in reply to Remy Porter

    That in itself is a metaWTF. What are the odds that a new programmer on the team, faced with something filled with "printf" tokens, is going to think "Oh, goodie, I can build this string using the boffo Magic EIght Ball QueryOMatic, and then use it in a Console.WriteLine? (Or, if Java, System.out.printX.)

    Though, given the "intent" (as in, the difference between manslaughter and murder) of this lovely little thing, I seriously doubt it sits on the type of framework you give it credit for.

  • Sole Purpose Of Visit (unregistered) in reply to S's cat

    Also, if used in combination with the CoPilot splodge from yesterday's WTF, you're giving the AI a much stronger signal.

    EXTRA_LONG_TOKENS_FTW!

    Oops, I panicked. Win!

  • Moogle (unregistered)

    One of the more important implicit guidelines of programming is: add as much human-semantic value per-statement as possible. Code is read more than it is written, so make it easy to for humans to understand. Much of this code does the opposite.

    Another important guideline is: use identifiers to identify things that might vary. I'm not privy to the internal workings of our SQL overlords, but I strongly suspect that ASC and DESC are unlikely to change in future SQL standards.

    I'm sorry for anyone who has to work with code like this!

  • (nodebb)

    I know how to improve this.

    const string A_LETTER = "A";

    ...

    string sql = S_LETTER + E_LETTER .....

  • (nodebb)

    Yes, there are some database APIs that use %s as placeholders -- Python mysql connectors, for instance.

    But one of the %s is in quotes, and I can't think of any that replace quoted placeholders. And IN (%s) also looks printfy.

  • (nodebb) in reply to S's cat
    you get an error at runtime, which may or may not be well handled by the code.
    And no telling how the users are going to respond to this, even the QA users. QA report: Ordering a pizza always gives the error message: "Malformed query at line 1, character 76", although the character number sometimes changes. Ordering a " ' AND FALSE; Update Size_Name = NULL; --" makes all sizes of pizza disappear from the ordering screen. Ordering a " ' AND FALSE; DROP TOPPINGS; --" renders the ordering screen inoperable.

    Addendum 2021-07-07 09:20: Oops, that Update was supposed to be: Update Crust_Type Set Size_Name = NULL;

  • (nodebb) in reply to Prime Mover
    Anchovy, pineapple and chocolate, please.
    Unfortunately, chocolate is listed as a test item, so you can order, but it never shows up in your order. You order 3 toppings, you pay for 3 toppings, but you only get 2 toppings (fruit and salted fish).
  • (nodebb)

    @Remy - "as I have seen query layers which use % params instead." ... care to enumerate at least two of them?

  • Mmmmmm (unregistered)

    Redacted Pizza! Mmmmmmm....

  • Angela Anuszewski (google) in reply to Mmmmmm

    Someone needs to open a pizza shop named this somewhere in Fort Meade, MD.

  • The80sGuy-J-Geils-Band (unregistered)

    Is this how his wife became a bowling ball?

  • Chris (unregistered) in reply to Remy Porter

    I used to work in a pizza joint where I had to clean containers used the previous night, often without emptying the contents first. Meaning, I often had to come in and wash containers full of anchovies, that had been sitting out overnight in a tropical climate (overnight low temperatures 80 - 85 F). Took me nearly 2 decades before I could stomach the smell of anchovies after leaving that job.

  • Chris (unregistered) in reply to S's cat

    I have spent many arguments with a colleague over the advantages of using enums over strings for this exact reason. Things like country names, where we have to apply different settings if a particular country or region is involved.

Leave a comment on “Constantly Querying”

Log In or post as a guest

Replying to comment #:

« Return to Article