In the midst of reviewing some code my client got back from and outsourced refactoring effort...
-
We ran into the following nice bit of code.
public static bool UniqueAssetNo(int assetId, string assetNo)
{
//--string sql = @"Select Count(*) From Asset " +
//-- @"Where ({0} = 0 Or AssetId <> {0}) " +
//-- @"And (LoanNum Not Like '%[A-Z]%') " +
//-- @"And (Cast('{1}' As bigint) = Cast(LoanNum As bigint))";
//We ran into an error during testing. I think it has to do with the indexes not being created properly. In either case, this one works.
try
{
string sql = @"Select Count(*) " +
@"From (Select AssetId, LoanNum " +
@" From Asset (NOLOCK) " +
@" Where ({0} = 0 Or AssetId <> {0}) " +
@" And (LoanNum Not Like '%[A-Z]%') And LTrim(RTrim(LoanNum)) <> '') qry " +
@"Where Cast('{1}' As bigint) = Case When qry.LoanNum = '' Then 0 else Cast(qry.LoanNum as bigint) end";
...
...What do you think? :P
-
We ran into the following nice bit of code.
public static bool UniqueAssetNo(int assetId, string assetNo)
{
//--string sql = @"Select Count(*) From Asset " +
//-- @"Where ({0} = 0 Or AssetId <> {0}) " +
//-- @"And (LoanNum Not Like '%[A-Z]%') " +
//-- @"And (Cast('{1}' As bigint) = Cast(LoanNum As bigint))";
//We ran into an error during testing. I think it has to do with the indexes not being created properly. In either case, this one works.
try
{
string sql = @"Select Count(*) " +
@"From (Select AssetId, LoanNum " +
@" From Asset (NOLOCK) " +
@" Where ({0} = 0 Or AssetId <> {0}) " +
@" And (LoanNum Not Like '%[A-Z]%') And LTrim(RTrim(LoanNum)) <> '') qry " +
@"Where Cast('{1}' As bigint) = Case When qry.LoanNum = '' Then 0 else Cast(qry.LoanNum as bigint) end";
...
...What do you think? :P
Glad I haven't eaten yet. X|
-
We ran into the following nice bit of code.
public static bool UniqueAssetNo(int assetId, string assetNo)
{
//--string sql = @"Select Count(*) From Asset " +
//-- @"Where ({0} = 0 Or AssetId <> {0}) " +
//-- @"And (LoanNum Not Like '%[A-Z]%') " +
//-- @"And (Cast('{1}' As bigint) = Cast(LoanNum As bigint))";
//We ran into an error during testing. I think it has to do with the indexes not being created properly. In either case, this one works.
try
{
string sql = @"Select Count(*) " +
@"From (Select AssetId, LoanNum " +
@" From Asset (NOLOCK) " +
@" Where ({0} = 0 Or AssetId <> {0}) " +
@" And (LoanNum Not Like '%[A-Z]%') And LTrim(RTrim(LoanNum)) <> '') qry " +
@"Where Cast('{1}' As bigint) = Case When qry.LoanNum = '' Then 0 else Cast(qry.LoanNum as bigint) end";
...
...What do you think? :P
:omg: Aside from the obvious, you might also want to do some reviews for SQL injection vulnerabilities.
-
:omg: Aside from the obvious, you might also want to do some reviews for SQL injection vulnerabilities.
:omg: pretty much sums it up, here too.
Andrew Rissing wrote:
do some reviews for SQL injection vulnerabilities
Yes, they should. They ought to do a search on this site for Colin Mackay's article on such topic :)
"The clue train passed his station without stopping." - John Simmons / outlaw programmer "Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon "Not only do you continue to babble nonsense, you can't even correctly remember the nonsense you babbled just minutes ago." - Rob Graham