Code That Made Me Cry, #CTMMC™

95% of all code makes me cry. The other 5% are white space.

Dynamic SQL (SQL, #40 / 48)

DECLARE @MyQuery nvarchar(max)
set @MyQuery = 'SELECT TOP 1 @TranslatedMessageOutput = 
               ' + @LanguageName + ' FROM local_translation WHERE English =
               '+CHAR(39)+CHAR(39)+Convert(nvarchar(50),
               (select English from inserted))
                +CHAR(39)+CHAR(39)+CHAR(39)+
               ' AND [' + @LanguageDateName + '] NOT LIKE ''%1900%'''        

For some reason, people always choose to learn to write dynamic SQL the hard way: by concatenating arbitrary strings into their SQL statements, creating loads of potential for SQL syntax errors and SQL injection. Why? Why not just use more static SQL with bind values in the first place? Probably because of the intricate fun involved in counting the number of apostrophe characters you have to write to properly escape already-escaped quotes.

Source: http://stackoverflow.com/q/20310051/521799
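The two approaches side by side, as an added example that is not part of the original post. It uses Python's built-in sqlite3 module against a constructed in-memory copy of the local_translation table (the German and GermanDate column names are assumptions; the page only shows the query). The concatenated version is the page's pattern; the bound version passes values as parameters and, because column names cannot be bound, checks the requested identifiers against the table's real schema before quoting them.

```python
import sqlite3

# Constructed sample schema and data standing in for the page's local_translation
# table (column names other than English are assumptions for this example).
SCHEMA = """
CREATE TABLE local_translation (
    English    TEXT NOT NULL,
    German     TEXT,
    GermanDate TEXT
);
"""
ROWS = [
    ("Hello", "Hallo", "2013-11-30"),
    ("Don't cry", "Weine nicht", "2013-12-01"),
    ("Stale", "Veraltet", "1900-01-01"),   # the 1900 sentinel the page's query filters out
]


def open_db():
    """Create the in-memory database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO local_translation VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, language, date_col, english):
    """The page's approach: identifiers AND values glued into one string."""
    sql = (
        "SELECT " + language + " FROM local_translation WHERE English = '"
        + english + "' AND [" + date_col + "] NOT LIKE '%1900%' LIMIT 1"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def breaks_on_apostrophe(conn, english):
    """True when the concatenated query cannot even be parsed for this input."""
    try:
        lookup_concatenated(conn, "German", "GermanDate", english)
        return False
    except sqlite3.OperationalError:
        return True


def allowed_columns(conn, table):
    """Read the column names from the schema itself, so identifiers come from an allowlist."""
    return {row[1] for row in conn.execute(f"PRAGMA table_info({table})")}


def quoted_identifier(conn, name):
    """Return name as a safely quoted identifier, or raise if it is not a real column."""
    if name not in allowed_columns(conn, "local_translation"):
        raise ValueError(f"unknown column requested: {name!r}")
    return '"' + name.replace('"', '""') + '"'


def lookup_bound(conn, language, date_col, english):
    """Hardened form: validated identifiers, every value passed as a bind parameter."""
    sql = (
        f"SELECT {quoted_identifier(conn, language)} FROM local_translation "
        f"WHERE English = ? AND {quoted_identifier(conn, date_col)} NOT LIKE ? LIMIT 1"
    )
    row = conn.execute(sql, (english, "%1900%")).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    print(lookup_bound(db, "German", "GermanDate", "Don't cry"))      # Weine nicht
    print(breaks_on_apostrophe(db, "Don't cry"))                      # True
```

The bound version needs no apostrophe counting at all: the driver never sees the value as SQL text, so "Don't cry" is just data. The split is the same on SQL Server, where the value goes into the @params declaration of sp_executesql and the validated column name is wrapped with QUOTENAME(); only the part that genuinely varies in structure (which column to read) stays dynamic, and it is checked against the schema rather than trusted.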


Submit your own Code That Made You Cry

Send us your own example of code that made you cry! Please include:

Send the above to ctmmc@datageekery.com. All accepted submissions will be licensed as CC BY-SA 3.0. Submit only code of a compatible license.

Note that we may choose not to publish some submissions if we feel they're not appropriate. We hope you understand.

Don't let your SQL code make you cry!

Use jOOQ, instead of JDBC.

jOOQ generates Java code from your database and lets you build typesafe SQL queries through its fluent API.

Don't let your SQL code make you cry! Get back in control of your SQL with jOOQ.