Are the posted questions getting worse?

  • Thom A

    SSC Guru

    Points: 98326

    This doesn't surprise me at all, but it does surprise me that BBC realises it's so bad it's a headline: BBC News - Copycat coders create 'vulnerable' apps https://www.bbc.co.uk/news/technology-49960387

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.

  • Eirikur Eiriksson

    SSC Guru

    Points: 182349

    ThomasRushton wrote:

    BrainDonor wrote:

    SQL Saturday in Edinburgh  - 1st Feb, anybody from here thinking about going?

    I would do, except I'm playing in a show all that week.  Bad timing...

    We all do that every day, called going to work 😉

    😎

  • drew.allen

    SSC Guru

    Points: 76580

    Steve Jones - SSC Editor wrote:

    Thom A wrote:

    OH gods, it has a WHERE 1=1 clause too. ??

    This is likely built dynamically, so the 1=1 provides a basis for the query.

    But it's easy enough to clean up.  Just REPLACE(REPLACE(@sql, '1=1 AND ', ''), 'WHERE 1=1', '').  So if there are additional conditions, you remove the 1 = 1 and the following AND, otherwise you remove the WHERE 1 = 1.

    Drew

    J. Drew Allen
    Business Intelligence Analyst
    Philadelphia, PA

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715809

    drew.allen wrote:

    But it's easy enough to clean up.  Just REPLACE(REPLACE(@sql, '1=1 AND ', ''), 'WHERE 1=1', '').  So if there are additional conditions, you remove the 1 = 1 and the following AND, otherwise you remove the WHERE 1 = 1.

    Drew

    True, but two issues.

    1. No where and this errors out. I have [select .... where order by xxx ]
    2. This code is part of what's buried in plug ins or Project Nami, and we need an author to take a PR and update their code. Otherwise, all upgrades break.

    It is a good idea, and something that I hope we'll implement, but it's not as simple to change as you think.

  • Jonathan AC Roberts

    SSCoach

    Points: 16879

    Steve Jones - SSC Editor wrote:

    drew.allen wrote:

    But it's easy enough to clean up.  Just REPLACE(REPLACE(@sql, '1=1 AND ', ''), 'WHERE 1=1', '').  So if there are additional conditions, you remove the 1 = 1 and the following AND, otherwise you remove the WHERE 1 = 1.

    Drew

    True, but two issues.

    1. No where and this errors out. I have [select .... where order by xxx ]
    2. This code is part of what's buried in plug ins or Project Nami, and we need an author to take a PR and update their code. Otherwise, all upgrades break.

    It is a good idea, and something that I hope we'll implement, but it's not as simple to change as you think.

    I think the optimiser will evaluate WHERE 1=1 at compile time. So removing it would make absolutely no difference to the performance of the query.

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715809

    This does change some parameterization stuff, but I think it prevents simple mode, which I'm not sure would be used here. Not sure, and haven't dug into this as other work is still ongoing.

  • drew.allen

    SSC Guru

    Points: 76580

    Steve Jones - SSC Editor wrote:

    drew.allen wrote:

    But it's easy enough to clean up.  Just REPLACE(REPLACE(@sql, '1=1 AND ', ''), 'WHERE 1=1', '').  So if there are additional conditions, you remove the 1 = 1 and the following AND, otherwise you remove the WHERE 1 = 1.

    Drew

    True, but two issues.

    1. No where and this errors out. I have [select .... where order by xxx ]
    2. This code is part of what's buried in plug ins or Project Nami, and we need an author to take a PR and update their code. Otherwise, all upgrades break.

    It is a good idea, and something that I hope we'll implement, but it's not as simple to change as you think.

    I don't see how you are getting SELECT ... WHERE ORDER BY xxx. Assuming that you are starting with SELECT ... WHERE 1=1 ORDER BY xxx, the first replace won't match, because there is no trailing AND, so it will leave you with the original string, and the second will produce SELECT ... ORDER BY xxx, because the WHERE is included in the matching string 'WHERE 1=1'.

    Drew

    J. Drew Allen
    Business Intelligence Analyst
    Philadelphia, PA
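
The nested REPLACE discussed above, run over a few statements, as an added example that is not part of the original thread or of any poster's code. The table name, column names and sample statements are constructed for illustration; the last two rows go beyond the two cases in the thread to show how literal text matching behaves when the generated SQL is spaced differently or carries the pattern inside a string value.

```sql
-- Constructed sample statements; "posts" and its columns are hypothetical.
DECLARE @samples TABLE (
    id       int IDENTITY(1,1),
    note     varchar(60),
    sql_text nvarchar(400)
);

INSERT INTO @samples (note, sql_text) VALUES
    -- Case 1 from the thread: conditions follow the placeholder.
    ('extra conditions',
     N'SELECT * FROM posts WHERE 1=1 AND status = ''publish'' ORDER BY id'),
    -- Case 2 from the thread: the placeholder is the whole WHERE clause.
    ('no extra conditions',
     N'SELECT * FROM posts WHERE 1=1 ORDER BY id'),
    -- Added case: the generator emits the placeholder with spaces.
    ('placeholder spaced as 1 = 1',
     N'SELECT * FROM posts WHERE 1 = 1 AND status = ''publish'''),
    -- Added case: the search text also occurs inside a string literal.
    ('pattern inside a string literal',
     N'SELECT * FROM posts WHERE 1=1 AND title = ''1=1 AND more''');

-- Inner REPLACE strips '1=1 AND ' wherever it occurs;
-- outer REPLACE strips a remaining 'WHERE 1=1', keyword included.
SELECT note,
       sql_text AS original,
       REPLACE(REPLACE(sql_text, N'1=1 AND ', N''), N'WHERE 1=1', N'') AS cleaned
FROM @samples
ORDER BY id;
```

Compare the original and cleaned columns row by row: REPLACE matches literal text only, so it has no notion of SQL tokens or string boundaries.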

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715809

    Ah, you're right, Drew. I was thinking this was a code replacement that would leave the WHERE, but that would work. However, it's also a PR to upstream modules, not something we want to change directly.

     
