95% of all code makes me cry. The other 5% are white space.
DECLARE @MyQuery nvarchar(max)
set @MyQuery = 'SELECT TOP 1 @TranslatedMessageOutput = ' + @LanguageName
    + ' FROM local_translation WHERE English = '
    +CHAR(39)+CHAR(39)+Convert(nvarchar(50), (select English from inserted)) +CHAR(39)+CHAR(39)+CHAR(39)
    + ' AND [' + @LanguageDateName + '] NOT LIKE ''%1900%'''
For some reason, people always choose to learn writing dynamic SQL the hard way: by concatenating arbitrary strings into their SQL statements, creating loads of potential for SQL syntax errors and SQL injection. Why? Why not just use more static SQL with bind values in the first place? Probably because of the intricate fun involved with counting the number of apostrophe characters that you have to write to properly escape escaped code.
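The same lookup with a bind value, as an added example that is not part of the original submission. It assumes SQL Server, a constructed `local_translation` table with hypothetical `German` and `German_Date` columns, and a plain variable standing in for the `(select English from inserted)` value of the trigger:

```sql
-- Constructed sample table and row; the column names German / German_Date are assumptions.
CREATE TABLE local_translation (
    English     nvarchar(50) NOT NULL,
    German      nvarchar(50) NULL,
    German_Date datetime     NULL
);
INSERT INTO local_translation (English, German, German_Date)
VALUES (N'It''s done', N'Es ist fertig', '20150101');

DECLARE @LanguageName     sysname      = N'German';       -- column holding the translation
DECLARE @LanguageDateName sysname      = N'German_Date';  -- column holding its date
DECLARE @English          nvarchar(50) = N'It''s done';   -- data value containing an apostrophe
DECLARE @TranslatedMessageOutput nvarchar(50);

-- Column names cannot be bind values, so check both against the catalog first.
IF (SELECT COUNT(*) FROM sys.columns
     WHERE object_id = OBJECT_ID(N'local_translation')
       AND name IN (@LanguageName, @LanguageDateName)) <> 2
BEGIN
    RAISERROR(N'Unknown translation column', 16, 1);
    RETURN;
END

-- QUOTENAME brackets the identifiers; the data value appears only as @English.
DECLARE @MyQuery nvarchar(max) =
      N'SELECT TOP 1 @TranslatedMessageOutput = ' + QUOTENAME(@LanguageName)
    + N' FROM local_translation WHERE English = @English'
    + N' AND ' + QUOTENAME(@LanguageDateName) + N' NOT LIKE ''%1900%''';

-- The value travels as a typed parameter, never as SQL text, so no apostrophe counting.
EXEC sp_executesql
     @MyQuery,
     N'@English nvarchar(50), @TranslatedMessageOutput nvarchar(50) OUTPUT',
     @English = @English,
     @TranslatedMessageOutput = @TranslatedMessageOutput OUTPUT;

SELECT @TranslatedMessageOutput AS Translation;
```

Only the two column names are still concatenated, and both are validated and quoted before they reach the statement text.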