Many production databases have failed embarrassingly as a result of INSERT code that omits a column list, usually in mysterious ways and often without generating errors. Phil Factor demonstrates the problem and advocates a 'defense-in-depth' approach to writing SQL in order to avoid it.
You can insert rows into a table without providing a column list, but this has no valid use at all. As a rule, you should avoid all temptation to make your SQL code shorter by leaving things out. There are always exceptions to every rule, of course, but the INSERT column list is so essential that I'd advise you to stop the build if SQL Prompt (BP004), or whatever static code-analysis tool you use, detects such a crime. At the same time, I'd advise a defensive and pessimistic attitude to writing SQL code that would naturally rear up at the idea of 'chancy' code that leaves out column lists.
from DZone.com Feed http://bit.ly/2vusKXG
No comments:
Post a Comment