21 Mar
2008

SQL Ejaculation


SQL Injection is the practice of slipping SQL into a string that the database is going to execute, so that the database ends up doing something its author never intended. Although it is famous as a security vulnerability, it is less talked about, but more widely used, by nefarious developers looking to subvert soul-crushing DBAs.

A typical example is the one-month turnaround cycle for a new stored proc, which results in a developer slipping in a "secret" stored proc that will execute whatever SQL is sent to it as a string. From then on the developer never has to wait on the DBA again, and anyone who can call the proc has an injection point by design, bypassing whatever review the DBA was supposed to provide. I bring this up only because I know it is less talked about, but very real.
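What that "secret" proc looks like, and a query for hunting it down, as an added T-SQL example (SQL Server) that is not from the original post; the procedure name, schema and the two sample calls are assumed:

```sql
-- Constructed example of the "secret" stored proc the post describes:
-- it runs whatever string the caller hands it. Name and schema are assumed.
CREATE PROCEDURE dbo.usp_RunMaintenance
    @sql NVARCHAR(MAX)
AS
BEGIN
    -- Caller-controlled text is executed as-is: this is SQL injection by design.
    -- If the proc were created WITH EXECUTE AS OWNER, the string would also run
    -- with the owner's rights rather than the caller's.
    EXEC(@sql);
END;
GO

-- Anyone who can EXECUTE the proc now has unrestricted SQL. An innocent-looking
-- call and a schema change that never went past a DBA's review look the same:
EXEC dbo.usp_RunMaintenance N'SELECT COUNT(*) FROM dbo.Customer;';
EXEC dbo.usp_RunMaintenance N'ALTER TABLE dbo.Customer ADD Discount DECIMAL(5,2) NULL;';
GO

-- Hunting check for a SQL Server instance: list procedures whose body executes
-- a string, which is how such backdoors are usually written. The LIKE patterns
-- are a starting point; review each hit rather than trusting the list.
SELECT
    SCHEMA_NAME(o.schema_id) AS schema_name,
    o.name                   AS proc_name,
    o.create_date,
    o.modify_date
FROM sys.sql_modules m
JOIN sys.objects     o ON o.object_id = m.object_id
WHERE o.type = 'P'
  AND (m.definition LIKE '%EXEC(%'
       OR m.definition LIKE '%EXEC (%'
       OR m.definition LIKE '%EXECUTE(%'
       OR m.definition LIKE '%EXECUTE (%'
       OR m.definition LIKE '%sp_executesql%')
ORDER BY o.modify_date DESC;
```

The hunting query only returns modules the caller holds VIEW DEFINITION on, so run it as a login that can see every user database; dynamic SQL also has legitimate uses, so the hit list is a review queue, not a verdict.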

The exact opposite of SQL Injection is what I call SQL Ejaculation: the practice of DBAs trying to insert their idea of view logic into an application via stored procedures, so that presentation markup gets built inside the database instead of in the application.

Here is a classic example of SQL Ejaculation.

-- T-SQL: string literals take single quotes; with QUOTED_IDENTIFIER ON (the
-- usual default today) double-quoted text is parsed as an identifier.
CREATE PROCEDURE sp_getCustomers
AS
SELECT '<tr><td>' + FirstName + '</td><td>' + LastName + '</td></tr>'
FROM Customer

And before you even ask, yes, people really do this. In fact, when I learned how to do it 15 years ago or so, I thought it was kind of cool. We all grow wiser, right?
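Two ways that proc misbehaves, and the data-only version a developer would rather have, as an added T-SQL example that is not from the original post; the table definition, sample rows and procedure names are assumed:

```sql
-- Constructed sample data. The table, rows and names are assumed, not from the post.
CREATE TABLE dbo.Customer (
    CustomerId INT          NOT NULL PRIMARY KEY,
    FirstName  NVARCHAR(50) NOT NULL,
    LastName   NVARCHAR(50) NULL
);
INSERT INTO dbo.Customer (CustomerId, FirstName, LastName) VALUES
    (1, N'Ada',  N'Lovelace'),
    (2, N'Cher', NULL),                              -- no last name on file
    (3, N'<script>alert(1)</script>', N'Smith');    -- name entered through a web form
GO

-- The post's proc, as written: markup and data are glued together in the DB.
-- (The sp_ prefix is reserved for system procs in SQL Server; kept here to match the post.)
CREATE PROCEDURE dbo.sp_getCustomers
AS
SELECT '<tr><td>' + FirstName + '</td><td>' + LastName + '</td></tr>' AS HtmlRow
FROM dbo.Customer;
GO

EXEC dbo.sp_getCustomers;
-- Under the default CONCAT_NULL_YIELDS_NULL ON, row 2 comes back as NULL: the
-- whole <tr> vanishes, not just the empty cell. Row 3 comes back with the
-- <script> tag intact; nothing in the database HTML-encodes it, so whichever
-- page writes this string out has an XSS bug that no DB-side change can fix.

-- The alternative: return columns and let the application render and encode them.
CREATE PROCEDURE dbo.GetCustomers
AS
SELECT CustomerId, FirstName, LastName
FROM dbo.Customer
ORDER BY LastName, FirstName;
GO

EXEC dbo.GetCustomers;
-- Three rows, NULL preserved as NULL, the name returned verbatim for the
-- application to encode when it builds the page.
```

Run it in a scratch database; the point is that the NULL-handling and encoding decisions belong to the code that knows it is producing HTML, not to a stored proc that may be called by a report, an API and a web page alike.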
