SQL call formatting style
Jason Pyeron
jason at pyeron.com
Tue Mar 25 20:03:56 UTC 2003
In those cases (3pg query) it should be put above the function not
in-lined.
If your structure for that query (i agree with the no foreign symbols) is
sparse, then use the quoting scheme best suited. But don't then "optimize"
it into the function call, mangling any hopes of speed-reading.
On Tue, 25 Mar 2003, Sergey A. Lipnevich wrote:
Jason,
Then I respectfully disagree with this policy.
I've read Myk's post before replying, and that's more of "let's fill
cars with water because gasoline doesn't smell nice to a driver" kind of
thing. The SQL in code is for the database and for developers, and
administrators would be much better served by a tool which is adequate
for their task. If a malicious user manages to squeeze destructive SQL
code with newlines past Bugzilla, will a good tool show administrators
entire statement or just the first line?
So, administrators need to take care of statements with or without
newlines, and this shouldn't be a reason for makeing developers' life
difficult. By a modest estimation of mine, keeping SQL statements as
sequences of characters uninterrupted by syntax alien to SQL, improves
debugging by the order of mangnitude, which is 10 times.
Besides, newlines mean nothing in SQL and practically nothing in HTML or
XML. Developers must be allowed to use them to their advantage. I'm
writing three page-long SQL statements nowadays (to be executed by DB2)
with almost
every significant token or condition on a separate line, and so far both
administrators and testers like them very much -- they can actually read
through them (in the logs or otherwise) as they would an email or a web
page.
Jason Pyeron wrote:
> Sergey,
>
> I understand our policy does not explain why to use a concatenation,
> but here is the gist: when new lines are embedded by formatting it is not
> obvious or explicit as to their existence. It is always better to use a
> "\n".
>
> This point was supported by Myk's statement:
>
> ... I find multi-line strings easier to work with, but being able to
> work with the MySQL process list is really important for Bugzilla system
> administrators, so I think we should use concatenation ...
>
>
----
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=jpyeron@pyerotechnics.com>
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron http://www.pyerotechnics.com -
- Owner & Lead Pyerotechnics Development, Inc. -
- +1 410 808 6646 (c) 500 West University Parkway #1S -
- +1 410 467 2266 (f) Baltimore, Maryland 21210-3253 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately. Any other use of the email by you
is prohibited.
More information about the developers
mailing list