The grains of sand that solve Stonehenge mystery after 5,000 years: Scientists uncover new evidence key stone was moved hundreds of miles by HUMANS - and not glaciers
Made In Chelsea's Ruby Adler flashes her huge diamond engagement ring as she celebrates reality star fiancé Gavin Rubinstein's proposal after a whirlwind year-long romance
Family seek justice against child sex offender who assaulted their little girl
QUENTIN LETTS: Will Labour win over voters with a manifesto opposed to hot buttered crumpets and clotted cream - courtesy of a man who increasingly resembles a spluttering lunatic?
Chilling words allegedly said to Yazidi teen held by Melbourne ISIS Bride family - as explicit details of her alleged rape ordeal are revealed in court: 'I bought you for sex and housework'
Are YOU rich? Our calculator reveals how your salary stacks up against the rest of the UK - and your town and job
Mrs Hinch hits back as mum-shamers criticise her for 'taking her kids out of school to go on holiday'
Closed girls' school to be reopened for Special Needs children
Senior police officer defends using vans to remove counter-protesters during Epping disorder
Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine
Mark Wright shares sweet unseen snaps to mark Michelle Keegan's 39th birthday and quips 'you don't look a day over 21'
Amazon's New Stargate Series Is Officially Dead
Read more of this story at Slashdot.
Island home with private jetty and stables in Northern Ireland on sale for £1.15m
Rebecca Grossman and ex-lover Scott Erickson ordered to pay $176 million to parents of brothers killed in hit-and-run
Three hours in Southampton that exposed 'two-tier' Britain: What really happened the night Henry Nowak was murdered in unrivalled DEEP DIVE detail
Kaylee Goncalves's parents on facing Bryan Kohberger, catching criminals and dealing with the killer's fans: Listen to the interview in full in The Trial: USA podcast
CodeSOD: Build Up
If there's one thing that seems to be a constant source of issues, it's people constructing SQL queries through string concatenation. Even if you're using parameters in the query, I'm opposed to handling raw SQL as strings in my programs. My solution is always "use a builder"- an API that constructs a syntax tree that it can then render to SQL as needed. (Yes, a builder, not an ORM, that's a whole other discussion, I'm not dogmatically anti-ORM, but it's a leaky abstraction at best.)
Many languages have such a thing, Java included. Lukasz's team was using Java, and they had a rule: "don't do SQL strings, use a builder". Unfortunately for Lukasz's team, their guideline didn't specify what kind of builder.
StringBuilder builder = new StringBuilder(); builder.append("where ID_BSNGP = ? "); builder.append("and ID_ITM = ? "); builder.append("for update"); SQLQuery query = new SQLQuery(); query.setQueryString(builder.toString());A StringBuilder is a kind of builder. Technically correct and all that. It's just concatenation with extra steps, but it's a builder. Of course, the bonus point here is that this built query is… just wrong? SELECT FOR UPDATE field FROM table WHERE condition would make sense, but we're missing most of that syntax here.
That this code was running in production without anyone noticing means that whatever errors this was triggering were getting swallowed or ignored, and the fact that no good output ever came from it ended up not mattering. The real WTF is less the malicious compliance and more the fact that this obviously broken code wasn't so broken as to be noticed.