Something I discovered at work today:

A sub procedure that takes three arguments:

A table name
Column list
Where clause

It concatenates all of those values together and executed the dynamically generated query.


  • 0
    I would assume it's some sort of identity function.
  • 1
    @SortOfTested no. It's exactly what I said. It's used on the front end to.... Populate <select> lists????
  • 0
    The text suggests more db than FE. That is weird for front end though. More reason to FP all the things.
  • 1
    Sounds like poor debug fuckery.
  • 0

  • 1
    Eh, why make life harder on intruders than it needs to be? Just give 'em the one function that they can screw the whole system with. It's like Londo said: "Ah, arrogance and stupidity all in the same package. How efficient of you!"
Add Comment