CodeSOD: Select Your Dropdown

Francisco's co-worker needed to populate a dropdown with three items: "--All--", "Accepted", and "Pending". Unfortunately for this co-worker, a basic understanding of "array literals" or "lists" or, well, any collection type was slightly beyond their grasp. Instead, they chose to do what many a developer who doesn't understand the date/time functions of their language does: ask the database for help:

select '--All--' union select 'Accepted' union select 'Pending'

The code sent this query to the database, to retrieve a record set containing three entries, so that the dropdown could be data driven.

Now, I'll grant, this does sort of externalize the strings, which hey, we shouldn't have string literals in our programs if we can help it. Then again, the string literals are still in the program; we just send them to the database so it can send them back to us.


This post originally appeared on The Daily WTF.
