tags:

views:

147

answers:

5
+5  Q: 

SQL Code Smells

Hi Team,

Could you please list some of the bad practices in SQL, that novice people do?

I have found the use of "WHILE loop" in scenarios which could be resolved using set operations.

Another example is inserting data only if it does not exist. This can be achieved using LEFT OUTER JOIN. Some people go for "IF"

Any other thoughts?

Edit: What I am looking for is specific scenarios (as mentioned in the question) that could be achieved using SQL without using procedural constructs

Thanks

Lijo

+6  A: 

Here are some I have seen:

  • Using cursors instead of equivalent (and faster) set operations (joins etc).
  • Dynamic SQL for everything.
  • Code that is open to SQL Injection attacks.
  • Full outer joins even when they are not needed.
  • Huge stored procedures (hundreds/thousands of lines).
  • No comments.
Oded  2010-04-17 06:16:02
(n)Hibernate does outer joins by default -_-
HeavyWave  2010-04-17 06:22:23
+1  A: 

Personally for me: anything that is not a plain INSERT, UPDATE, DELETE or SELECT statement

I don't like logic in SQL.

Tungano  2010-04-17 06:17:06
That's ironic, given that SQL is founded on predicate logic. Perhaps you should qualify this statement (Did you mean, "No cursors", or something like that?).
Marcelo Cantos  2010-04-17 06:32:48
I guess you haven't worked with large datasets in a corporate environment then. Not that I disagree entirely, but sometimes its the best solution.
James Westgate  2010-04-17 06:38:44
I think, logic inside SQL is inevitable when working with Reporting.
Lijo  2010-04-17 06:41:21
code logic is fine within SQL, I think business logic in SQL is bad...now you're going to ask for an example: Logic normally involves IF statements for example which some people try and avoid in SQL, we for instance convert Guid.Empty values {00000....} to NULL as part of our code generated SQL scripts
Mark Redman  2010-04-17 06:53:30
A: 

My biggest beef here is definitely repetitive SQL. As an example, multiple stored procedures that perform the exact same joins but different filters.

Using Views in such cases can make your database MUCH easier to look at and work with

LorenVS  2010-04-17 06:18:20
Could you please give an example that can only be achieved using repetitive queries, if we are using Stored Proecure? [The same can be achieved without repetition when used VIEWS]
Lijo  2010-04-17 07:17:18
+2  A: 

Placing ODBC or dynamic SQL calls all over the code.

Often it is better to define a data abstraction layer that provides access to the databases. All the SQL code can hide in that layer. This often avoids replication of similar queries, and makes changing data models easier to do.

Ira Baxter  2010-04-17 06:18:50
A: 

1) Creating vendor-specific SQL, when generic SQL would do. 2) Creating tables dynamically at runtime (other than TEMPORARY tables). Among other problems, letting your application code have table create privs is a security risk.

Bryce  2010-04-17 06:52:45

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP