Raj KAJ (scottobear) wrote,
Raj KAJ
scottobear

ColdFusion PAGE OF WRONG

ColdFusion failIf you ever run into the page below while looking for CF info, ignore it!
Packed with Errors, it’s the anti-snickers. It really doesn’t satisfy.

 “Except for Table IDs, Avoid Numeric Fields Where Possible” 

seriously?

<cfquery name="getItem" datasource="context">
  select * from Item
  where ItemID = <cfoutput>#form.editme#</cfoutput>
  </cfquery>
error 1: You don’t need cfoutputs inside a cfquery
 error 2: no cfqueryparam tag.  Totally injectable
Don’t Autonumber; Create Your Own Table ID
Yes, that way if more than one person use the app at the same time, you overwrite each other.
“Wrap Inserts with a Try-Catch Combination that Tries Again”
Of course! Why trap an error when you can make an endless loop?!
Not to mention all the SELECT *
Why is SELECT * harmful?

There are really three major reasons:

  • Inefficiency in moving data to the consumer. When you SELECT *, you’re often retrieving more columns from the database than your application really needs to function. This causes more data to move from the database server to the client, slowing access and increasing load on your machines, as well as taking more time to travel across the network. This is especially true when someone adds new columns to underlying tables that didn’t exist and weren’t needed when the original consumers coded their data access.
  • Indexing issues. Consider a scenario where you want to tune a query to a high level of performance. If you were to use *, and it returned more columns than you actually needed, the server would often have to perform more expensive methods to retrieve your data than it otherwise might. For example, you wouldn’t be able to create an index which simply covered the columns in your SELECT list, and even if you did (including all columns [shudder]), the next guy who came around and added a column to the underlying table would cause the optimizer to ignore your optimized covering index, and you’d likely find that the performance of your query would drop substantially for no readily apparent reason.
  • Binding Problems. When you SELECT *, it’s possible to retrieve two columns of the same name from two different tables. This can often crash your data consumer. Imagine a query that joins two tables, both of which contain a column called “ID”. How would a consumer know which was which? SELECT * can also confuse views (at least in some versions SQL Server) when underlying table structures change – the view is not rebuilt, and the data which comes back can be nonsense. And the worst part of it is that you can take care to name your columns whatever you want, but the next guy who comes along might have no way of knowing that he has to worry about adding a column which will collide with your already-developed names.

But it’s not all bad for SELECT *. I use it liberally for these use cases:

  • Ad-hoc queries. When trying to debug something, especially off a narrow table I might not be familiar with, SELECT * is often my best friend. It helps me just see what’s going on without having to do a boatload of research as to what the underlying column names are. This gets to be a bigger “plus” the longer the column names get.
  • When * means “a row”. In the following use cases, SELECT * is just fine, and rumors that it’s a performance killer are just urban legends which may have had some validity many years ago, but don’t now:
    SELECT COUNT(*) FROM table;

    in this case, * means “count the rows”. If you were to use a column name instead of * , it would count the rows where that column’s value was not null. COUNT(*), to me, really drives home the concept that you’re counting rows, and you avoid strange edge-cases caused by NULLs being eliminated from your aggregates.

    Same goes with this type of query:

    SELECT a.ID FROM TableA a
    WHERE EXISTS (
        SELECT *
        FROM TableB b
        WHERE b.ID = a.B_ID);

    in any database worth its salt, * just means “a row”. It doesn’t matter what you put in the subquery. Some people use b’s ID in the SELECT list, or they’ll use the number 1, but IMO those conventions are pretty much nonsensical. What you mean is “count the row”, and that’s what * signifies. Most query optimizers out there are smart enough to know this.

Originally published at The Scotto Grotto. You can comment here or there.

Tags: code, fail
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments