This is the review of the second chapter of the book Defensive Database Programming. The title of this chapter is “Code Vulnerabilities Due to SQL Server Misconceptions.”
This chapter examines three common misconceptions:
- WHERE clause conditions will always be evaluated in the same order
- SET and SELECT always change the values of variables
- Data will be returned in some “natural order”
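To make the three points concrete, here is an added T-SQL example that is not taken from the book or written by its author. It reproduces each misconception against a throwaway temporary table and shows the defensive alternative next to it. The table, column names and sample rows are constructed for the illustration, and the TRY_CAST variant assumes SQL Server 2012 or later.

```sql
-- Added example (not from the book or this review): the three misconceptions
-- reproduced in T-SQL. #Settings, its columns and its rows are constructed
-- for this illustration only.
SET NOCOUNT ON;

CREATE TABLE #Settings (
    SettingID   INT         NOT NULL PRIMARY KEY,
    SettingName VARCHAR(50) NOT NULL,
    RawValue    VARCHAR(20) NOT NULL   -- free text: some rows hold numbers, some do not
);
INSERT INTO #Settings (SettingID, SettingName, RawValue) VALUES (1, 'MaxLogins', '5');
INSERT INTO #Settings (SettingID, SettingName, RawValue) VALUES (2, 'Owner',     'alice');
INSERT INTO #Settings (SettingID, SettingName, RawValue) VALUES (3, 'Timeout',   '30');

-- 1. WHERE clause evaluation order.
--    The optimizer may evaluate CAST before ISNUMERIC, so this query can fail
--    with a conversion error on the row holding 'alice', even though the
--    ISNUMERIC test is written first. Whether it fails depends on the plan.
SELECT SettingName
FROM   #Settings
WHERE  ISNUMERIC(RawValue) = 1
  AND  CAST(RawValue AS INT) > 10;

--    Defensive form: put the conversion inside a CASE expression so the cast
--    is only attempted when the guard holds.
SELECT SettingName
FROM   #Settings
WHERE  CASE WHEN ISNUMERIC(RawValue) = 1 THEN CAST(RawValue AS INT) END > 10;

--    On SQL Server 2012 and later (assumption about the target version),
--    TRY_CAST yields NULL for a non-numeric value instead of raising an error.
SELECT SettingName
FROM   #Settings
WHERE  TRY_CAST(RawValue AS INT) > 10;

-- 2. SET and SELECT do not always change the variable.
DECLARE @Owner VARCHAR(50);
SET @Owner = 'value left over from a previous lookup';

--    A SELECT assignment that matches no rows leaves the variable untouched,
--    so @Owner still holds the stale value.
SELECT @Owner = RawValue FROM #Settings WHERE SettingID = 99;
SELECT @Owner AS OwnerAfterSelect;   -- still the stale value

--    SET with a scalar subquery assigns NULL when no row matches, which is at
--    least detectable; if more than one row matches it raises an error instead
--    of silently keeping one arbitrary row's value, as SELECT does.
SET @Owner = (SELECT RawValue FROM #Settings WHERE SettingID = 99);
SELECT @Owner AS OwnerAfterSet;      -- NULL

--    Defensive form: clear the variable before a SELECT assignment and check
--    @@ROWCOUNT, so a missed lookup can never reuse another row's value.
SET @Owner = NULL;
SELECT @Owner = RawValue FROM #Settings WHERE SettingID = 99;
IF @@ROWCOUNT = 0
    RAISERROR('Setting 99 not found', 16, 1);

-- 3. No "natural order" without ORDER BY.
--    The row order here is whatever the chosen plan happens to produce; a
--    different index, a parallel plan or a later release can change it.
SELECT SettingID, SettingName FROM #Settings;

--    Defensive form: state the order explicitly, on a unique key so the
--    result order is fully determined.
SELECT SettingID, SettingName FROM #Settings ORDER BY SettingID;

DROP TABLE #Settings;
```

The second case is the one worth checking for in existing stored procedures: a SELECT assignment inside a loop or a reused connection that matches no rows quietly carries the previous row's value forward, so the later logic acts on data that belongs to a different key.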
Another misconception is that DBAs and developers already know these. However often we are reminded of these things, it is not enough; we need to keep reminding ourselves of them and teaching others the same.
As in the first chapter, the author gives samples that show each of these assumptions to be invalid and, having disproved each one, offers alternative ways to code against it.
This is the kind of information that should be required reading for anybody who writes a stored procedure or a script that touches a database. Even seasoned professionals should examine the samples laid out in this chapter. I think most of us could find an application in our current environments where we could apply these principles right away.
In this chapter we also see another use for the “Numbers” table. The chapter is rather easy to read and well written. I hope you enjoy reading it as well.