Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?

article=783

20 August 2009
by Plamen Ratchev

It is not always easy to spot "antipatterns" in your SQL, especially in more complex queries. In this article, Plamen
demonstrates some of the most common SQL coding errors that he encounters, explains their root cause, and
illustrates potential solutions.

rogramming in SQL can be both a fun and a challenging task. Those with a background in traditional programming languages
such as Java, C, C++, and VB often find it difficult to adapt to the "set-based" mindset. Even seasoned SQL developers and
DBAs can get trapped in one of the many pitfalls of the SQL language. I have been there and I'm willing to bet that you have too.
Mastering the fundamentals takes time, and even then some mistakes are hard to spot.

My intention with this article was to highlight some of the more common mistakes that I've seen people make when coding SQL.
The list reflects my direct experience working with different development teams and developers, performing code review
sessions, and so on, as well as the issues I see every day on the newsgroups and forums. The list of common mistakes is far
from exhaustive, and is presented in no particular order of severity. In fact, the list could be regarded as the result of the following
query:

SELECT TOP(10) mistake

FROM CommonSQLProgrammingMistakes
ORDER BY CHECKSUM(NEWID());

Without further ado, here is the list:

1. NULLs and the NOT IN predicate

2. Functions on indexed columns in predicates
3. Incorrect subquery column
4. Data type mismatch in predicates
5. Predicate evaluation order
6. Outer joins and placement of predicates
7. Subqueries that return more than one value
8. Use of SELECT *
9. Scalar user-defined functions
10. Overuse of cursors

The examples are presented using SQL Server's Transact-SQL dialect, but most of the concepts are valid in any SQL
implementation.

One of the most common requests is to retrieve data based on some column value not included in a list of values. The following
two tables illustrate the scenario. We have tables with colors and products:

Colors table:

color
----------
Black
Blue
Green
Red
Products table:
sku product_description color
---- -------------------- ------
1 Ball Red
2 Bike Blue
3 Tent NULL

1 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

Note that these tables do not represent a perfect design, following normalization rules and best practices. Rather, it is a simplified
scenario to help illustrate this example better. In reality, the colors table would most likely contain a color code key column that
would be referenced in the products table.

The request is to select a list of colors that have not previously been used on products. In other words, we need to construct a
query that returns only those colors for which there is no product with that color. It might seem, at first glance, that the NOT IN
predicate provides a very intuitive way to satisfy this request, very close to how the problem would be stated in plain English:

SELECT C.color
FROM Colors AS C
WHERE C.color NOT IN (SELECT P.color
FROM Products AS P);

You may have been expecting this query to return two rows (for 'black' and 'green') but, in fact, it returns an empty result set:

color
----------

(0 row(s) affected)

Obviously this is 'incorrect'. What is the problem? It's simply that SQL uses three-valued logic, driven by the existence of NULL,
which is not a value but a marker to indicate missing (or UNKNOWN) information. When the NOT operator is applied to the list of
values from the subquery, in the IN predicate, it is translated like this:

"color NOT IN (Red, Blue, NULL)"

This is equivalent to:

"NOT(color=Red OR color=Blue OR color=NULL)"

The expression "color=NULL" evaluates to UNKNOWN and, according to the rules of three-valued logic, NOT UNKNOWN also
evaluates to UNKNOWN. As a result, all rows are filtered out and the query returns an empty set.

This mistake will often surface if requirements change, and a non-nullable column is altered to allow NULLs. It also highlights the
need for thorough testing. Even if, in the initial design, a column disallows NULLs, you should make sure your queries continue to
work correctly with NULLs.

One solution is to use the EXISTS predicate in place of IN, since EXISTS uses two-valued predicate logic evaluating to
TRUE/FALSE:

SELECT C.color
FROM Colors AS C
WHERE NOT EXISTS(SELECT *
FROM Products AS P
WHERE C.color = P.color);

This query correctly returns the expected result set:

color
----------
Black
Green

Other possible solutions are as follows:

/* IS NOT NULL in the subquery */

SELECT C.color
FROM Colors AS C
WHERE C.color NOT IN (SELECT P.color
FROM Products AS P
WHERE P.color IS NOT NULL);

2 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

/* EXCEPT */
SELECT color
FROM Colors
EXCEPT
SELECT color
FROM Products;

/* LEFT OUTER JOIN */

SELECT C.color
FROM Colors AS C
LEFT OUTER JOIN Products AS P
ON C.color = P.color
WHERE P.color IS NULL;

While all solutions produce the desired results, using EXCEPT may be the easiest to understand and use. Note that the EXCEPT
operator returns distinct values, which works fine in our scenario but may not be correct in another situation.

We often tend to write code as a direct translation of given request. For example, if we are asked to retrieve all customers whose
name starts with the letter L, it feels very natural to write the query like this, using the LEFT function to return the first character of
their name:

SELECT customer_name
FROM Customers
WHERE LEFT(customer_name, 1) = 'L';

Alternatively, if we are asked to calculate the total sales for January 2009, we might write a query like the following, which uses
the DATEPART function to extract the relevant month and year from the sale_date column:

SELECT SUM(sale_amount) AS total_sales

FROM Sales
WHERE DATEPART(YEAR, sale_date) = 2009
AND DATEPART(MONTH, sale_date) = 1;

While these queries look very intuitive, you will find that the indexes that you (of course!) have on your customer_name and
sale_date columns remain unused, and that the execution plan for these queries reveal index scans.

The problem arises from the fact that the index columns are being passed to a function, which the query engine must then
evaluate for every single row in the table. In cases such as these, the WHERE clause predicate is deemed "non-SARGable" and
the best that the query optimizer can do is perform a full index or table scan.

To make sure the indexes get used, we need to avoid the use of functions on the indexed columns. In our two examples, it is a
relatively simple task to rewrite the queries to use SARG-able predicates. The first requested can be expressed with this logically
equivalent query:

SELECT customer_name
FROM Customers
WHERE customer_name LIKE 'L%';

The equivalent for the second query is as follows:

SELECT SUM(sale_amount) AS total_sales

FROM Sales
WHERE sale_date >= '20090101'
AND sale_date < '20090201';

These two queries are most likely to utilize index seek to retrieve the data quickly and efficiently.

It's worth noting that SQL Server is getting "smarter" as it evolves. For example, consider the following query, which uses the
CAST function on the indexed sale_date column:

3 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

SELECT SUM(sale_amount) AS total_sales

FROM Sales
WHERE CAST(sale_date AS DATE) = '20090101';

If you run this query on SQL 2005 or earlier, you'll see an index scan. However, on SQL Server 2008 you'll see an index seek,
despite the use of the CAST function. The execution plan reveals that the predicate is transformed into something like the
following:

SELECT SUM(sale_amount) AS total_sales

FROM Sales
WHERE sale_date >= '20090101'
AND sale_date < '20090102';

However, in general, you should use SARGable predicates where possible, rather than rely on the evolving intelligence of the
optimizer.

When writing a subquery, it is very easy to abstract yourself from the main query logic and concentrate on the subquery itself.
This can lead to the innocent mistake of substituting a column from the subquery source table for a column with similar name
from the main query.

Let's look at two very simple tables; one is a Sales table containing sales data, and the other is an auxiliary Calendar table that
has all calendar dates and holidays (abbreviated here):

Sales table:

sale_date sale_amount
---------- -----------
2009-01-01 120.50
2009-01-02 115.00
2009-01-03 140.80
2009-01-04 100.50

Calendar table:

calendar_date holiday_name
------------- ----------------
2009-01-01 New Year's Day
2009-01-02 NULL
2009-01-03 NULL
2009-01-04 NULL
2009-01-05 NULL

Our task is to retrieve sales data for holiday dates only. It seems like a trivial query to write:

SELECT sale_date, sale_amount

FROM Sales AS S
WHERE sale_date IN (SELECT sale_date
FROM Calendar AS C
WHERE holiday_name IS NOT NULL);

However, you'll find that query simply returns all rows from the Sales table! A closer look at the query reveals that the culprit to
be the SELECT list of the subquery. It accidentally references the sales_date column from the Sales table, instead of the
calendar_date column from the Calendar table.

If that is the case, why did we not get an error? Although the outcome was not what we expected, this is still a valid SQL
statement. When using a subquery, the outer query's columns are exposed to the inner query. Here, we unintentionally converted
the self-contained subquery, to be executed once and the value passed to the outer query, to a correlated subquery, logically
executed once for every row returned by the outer query.

4 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

As a result, the subquery evaluates to sale_date IN (sale_date) which is always true, as long as there is at least one holiday
date in the Calendar table, and so our result set returns all rows from the Sales table. Of course, the fix is easy in this case; we
simply use the correct date column from the Calendar table:

SELECT sale_date, sale_amount

FROM Sales AS S
WHERE sale_date IN (SELECT C.calendar_date
FROM Calendar AS C
WHERE C.holiday_name IS NOT NULL);

This illustrates another important point: it is a best practice to prefix columns in subqueries with table aliases. For example, if we
had used an alias like this:

SELECT sale_date, sale_amount

FROM Sales AS S
WHERE sale_date IN (SELECT C.sale_date
FROM Calendar AS C
WHERE holiday_name IS NOT NULL);

Then this query would have resulted in an error – "Error: Invalid column name 'sale_date'".

This is another typical mistake that is sometimes hard to catch. It is very easy to mismatch data types in predicates. It could be in
a stored procedure where the parameter is passed as one data type and then used in a query to filter data on a column of
different data type. Another example is joining tables on columns with different data types, or simply using a predicate where data
types are mismatched.

For example, we may have a Customers table where the last_name column is of type VARCHAR:

CREATE TABLE Customers (

customer_nbr INT NOT NULL PRIMARY KEY,
first_name VARCHAR(35) NOT NULL,
last_name VARCHAR(35) NOT NULL);

Then the following stored procedure is used to retrieve the customer information by customer last name:

CREATE PROCEDURE GetCustomerByLastName

@last_name NVARCHAR(35)
AS
SELECT first_name, last_name
FROM Customers
WHERE last_name = @last_name;

Notice here the parameter @last_name is of data type NVARCHAR. Although the code "works", SQL Server will have to perform
implicit conversion of the last name column to NVARCHAR, because NVARCHAR is of higher data precedence. This can result in a
performance penalty. The implicit conversion is visible in the query plan as CONVERT_IMPLICIT. Based on collation, and other
factors, a data type mismatch may also preclude the use of an index seek. Use of the correct data type resolves the problem:

CREATE PROCEDURE GetCustomerByLastName

@last_name VARCHAR(35)
AS
SELECT first_name, last_name
FROM Customers
WHERE last_name = @last_name;

In many cases, this mistake is the result of splitting responsibilities on the team, and having one team member design the tables
and another implement stored procedures or code. Another reason could be using different data sources to join data where the
join columns have different data types in the source systems. The same advice applies not only to character data type
mismatches, but also to mismatches between numeric data types (like INT and FLOAT), or the mixing of numeric and character
data types.

5 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

If you are familiar with the logical query processing order, then you may expect that a query is executed in the following order:

1. FROM
2. WHERE
3. GROUP BY
4. HAVING
5. SELECT

The sequence above outlines the logical order for executing query. Logically the FROM clause is processed first defining the
source data set, next the WHERE predicates are applied, followed by GROUP BY, and so on.

However, physically, the query is processed differently and the query optimizer is free to move expressions in the query plan in
order to produce the most cost efficient plan for retrieving the data. This leads to a common misunderstanding that a filter in the
WHERE clause is applied before the next phases are processed. In fact, a predicate can be applied much later in the physical
execution plan. Also, there is no left to right order for execution of predicates. For example, if you have a WHERE clause
containing "WHERE x=1 AND y=2", there is no guarantee that "x=1" will be evaluated first. They can be executed in any order.

For example, consider the following Accounts table where, in the account_reference column, Business accounts are denoted
by a numeric reference and Personal accounts by a character reference:

account_nbr account_type account_reference

----------- --------------- -----------------
1 Personal abc
2 Business Basic 101
3 Personal def
4 Business Plus 5

In general, this table indicates bad design. The account_reference column should be represented as two different attributes,
specific to business and personal accounts and each with the correct data type (not even belonging to the same table). However,
in practice, we very often have to deal with systems designed with shortcomings, where altering the design is not an option.

Given the above scenario, a valid request is to retrieve all business type accounts with an account reference that is greater than
20 (assuming account reference has some meaningful numeric value for business type accounts). The query may look like this:

SELECT account_nbr, account_reference AS account_ref_nbr

FROM Accounts
WHERE account_type LIKE 'Business%'
AND CAST(account_reference AS INT) > 20;

However, the query results in error:

"Conversion failed when converting the varchar value 'abc' to data type int"

The query fails because, as noted earlier, there is no prescribed order for executing predicates and nothing guarantees that the
predicate "account_type LIKE ‘Business%’" will be evaluated before the predicate "CAST(account_reference AS INT) > 20".
In our case, the second predicate is evaluated first resulting in a conversion error, due to the incompatible values in the
account_reference column, for personal accounts.

One attempt to resolve this issue might be to use a derived table (or common table expression) to filter the business type
accounts first, and then apply the predicate for account_reference column:

SELECT account_nbr, account_ref_nbr

FROM (SELECT account_nbr,
CAST(account_reference AS INT) AS account_ref_nbr
FROM Accounts
WHERE account_type LIKE 'Business%') AS A
WHERE account_ref_nbr > 20;

However, this results in the exact same error because derived tables and CTEs are expanded in the query plan and a single

6 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

query plan is produced, where predicates can again be pushed up or down in the plan.

As indicated earlier, the problem here is a mix of bad design and misunderstanding of how SQL Server performs physical query
execution. What is the solution? The best solution is to design the table correctly and avoid storing mixed data in a single column.
In this case, a work around is to use a CASE expression to guarantee that only valid numeric values will be converted to INT data
type:

SELECT account_nbr, account_reference AS account_ref_nbr

FROM Accounts
WHERE account_type LIKE 'Business%'
AND CASE WHEN account_reference NOT LIKE '%[^0-9]%'
THEN CAST(account_reference AS INT)
END > 20;

The CASE expression uses a LIKE pattern to check for valid numeric values (a double negation logic is used which can be
translated as "there is not a single character that is not a digit"), and only for those values performs the CAST. For the rest of the
values the CASE expression results in NULL, which is filtered out because NULL is not matched with any value (even with
NULL).

Outer joins are such a great tool but are also much misunderstood and abused. Some people seem to like them so much that
they throw one into almost every query, regardless of whether or not it is needed!

The key to correct use of outer joins is an understanding of the logical steps required to process an outer join in a query. Here
are the relevant steps from the query processing phases:

1. A cross join (Cartesian product) is formed for the two input tables in the FROM clause. The result of the Cartesian product
is every possible combination of a row from the first table and a row from the second table.
2. The ON clause predicates are applied filtering only rows satisfying the predicate logic.
3. Any Outer rows filtered out by the predicates in step 2 are added back. Rows from the preserved table are added with
their actual attribute values (column values), and the attributes (columns) from the non preserved table are set to NULL.
4. The WHERE clause predicates are applied.

An outer join query can produce completely different results depending on how you write it, and where predicates are placed in
that query. Let's look at one example, based on the following two tables, Customers and Orders:

Customers table:

customer_nbr customer_name
------------ --------------
1 Jim Brown
2 Jeff Gordon
3 Peter Green
4 Julie Peters

Orders table:

order_nbr order_date customer_nbr order_amt

----------- ----------
1 2008-10-01
2 2008-12-15
3 2009-01-02
4 2009-02-20
5 2009-03-05
------------ ----------
1 15.50
2 25.00
1 18.00
3 10.25
1 30.00

Our task is to retrieve a list of all customers, and the total amount they have spent on orders, since the beginning of year 2009.
Instinctively, one may write the following query:

SELECT C.customer_name, SUM(COALESCE(O.order_amt, 0)) AS total_2009

FROM Customers AS C
LEFT OUTER JOIN Orders AS O

7 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

ON C.customer_nbr = O.customer_nbr
WHERE O.order_date >= '20090101'
GROUP BY C.customer_name;

But the results do not look good:

customer_name total_2009
-------------- ------------
Jim Brown 48.00
Peter Green 10.25

Customers Jeff and Julie are missing from the result set. Where is the problem? In order to understand what went wrong, let’s
play back this query one step at a time following the logical processing order. The first step is a cross join between the two input
tables:

SELECT C.customer_name, O.order_amt

FROM Customers AS C
CROSS JOIN Orders AS O;

This results in every possible combination of rows from both input tables:

customer_name order_amt order_date

---------------- ---------- ----------
Jim Brown 15.50 2008-10-01
Jim Brown 25.00 2008-12-15
Jim Brown 18.00 2009-01-02
Jim Brown 10.25 2009-02-20
Jim Brown 30.00 2009-03-05
Jeff Gordon 15.50 2008-10-01
Jeff Gordon 25.00 2008-12-15
Jeff Gordon 18.00 2009-01-02
Jeff Gordon 10.25 2009-02-20
Jeff Gordon 30.00 2009-03-05
Peter Green 15.50 2008-10-01
Peter Green 25.00 2008-12-15
Peter Green 18.00 2009-01-02
Peter Green 10.25 2009-02-20
Peter Green 30.00 2009-03-05
Julie Peters 15.50 2008-10-01
Julie Peters 25.00 2008-12-15
Julie Peters 18.00 2009-01-02
Julie Peters 10.25 2009-02-20
Julie Peters 30.00 2009-03-05

The next step is applying the ON predicates of the JOIN clause:

SELECT C.customer_name, O.order_amt, O.order_date

FROM Customers AS C
INNER JOIN Orders AS O
ON C.customer_nbr = O.customer_nbr;

The result of this query includes only customers with orders. Since customer Julie does not have any orders it is excluded from
the result set:

customer_name order_amt order_date

-------------- ---------- ----------
Jim Brown 15.50 2008-10-01
Jeff Gordon 25.00 2008-12-15
Jim Brown 18.00 2009-01-02
Peter Green 10.25 2009-02-20
Jim Brown 30.00 2009-03-05

The third step of the logical processing order is adding back the outer rows. These rows were excluded in the prior step because

8 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

they did not satisfy the join predicates.

SELECT C.customer_name, O.order_amt, O.order_date

FROM Customers AS C
LEFT OUTER JOIN Orders AS O
ON C.customer_nbr = O.customer_nbr;

Now customer Julie is added back in the result set. Notice the added outer rows from the preserved table (Customers) have
values for the selected attributes (customer_name) and the non-preserved table (Orders) rows have NULL for their attributes
(order_amt and order_date):

customer_name order_amt order_date

-------------- ---------- ----------
Jim Brown 15.50 2008-10-01
Jim Brown 18.00 2009-01-02
Jim Brown 30.00 2009-03-05
Jeff Gordon 25.00 2008-12-15
Peter Green 10.25 2009-02-20
Julie Peters NULL NULL

The last step is applying the WHERE clause predicates:

SELECT C.customer_name, O.order_amt, O.order_date

FROM Customers AS C
LEFT OUTER JOIN Orders AS O
ON C.customer_nbr = O.customer_nbr
WHERE O.order_date >= '20090101';

Now the picture is clear! The culprit is the WHERE clause predicate. Customer Jeff is filtered out from the result set because he
does not have orders past January 1, 2009, and customer Julie is filtered out because she has no orders at all (since the outer
row added for Julie has NULL for the order_date column). In effect, in this case, the predicate in the WHERE clause turns the
outer join into an inner join.

To correct our initial query, it is sufficient to move the WHERE predicate into the join condition.

SELECT C.customer_name, SUM(COALESCE(O.order_amt, 0)) AS total_2009

FROM Customers AS C
LEFT OUTER JOIN Orders AS O
ON C.customer_nbr = O.customer_nbr
AND O.order_date >= '20090101'
GROUP BY C.customer_name;

Now, the query returns correct results because Jeff and Julie are filtered out in the join predicates, but then added back when the
outer rows are added.

customer_name total_2009
-------------- ------------
Jeff Gordon 0.00
Jim Brown 48.00
Julie Peters 0.00
Peter Green 10.25

In a more complex example, with multiple joins, the incorrect filtering may happen on a subsequent table operator (like join to
another table) instead in the WHERE clause. For example, say we have an OrderDetails table containing product SKU and
quantity, and the request is to retrieve a list of all customers, with order amount and quantity, for selected product SKUs. The
following query may seem correct:

SELECT C.customer_name, O.order_amt, D.qty

FROM Customers AS C
LEFT OUTER JOIN Orders AS O
ON C.customer_nbr = O.customer_nbr
INNER JOIN OrderDetails AS D

9 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

ON D.order_nbr = O.order_nbr
AND D.sku = 101;

However, here the INNER join with the OrderDetails table plays the exact same role as the predicate in the WHERE clause in
our previous example, in effect turning the LEFT OUTER join to INNER join. The correct query to satisfy this request needs to
use a LEFT OUTER join to join to the OrderDetails table:

SELECT C.customer_name, O.order_amt, D.qty

FROM Customers AS C
LEFT OUTER JOIN Orders AS O
ON C.customer_nbr = O.customer_nbr
LEFT JOIN OrderDetails AS D
ON D.order_nbr = O.order_nbr
AND D.sku = 101;

A very frequent request is to retrieve a value based on some correlation with the main query table. For example, consider the
following two tables, storing details of products and the plants that manufacture these products:

Products table:

sku product_description
----- ------------------
1 Bike
2 Ball
3 Phone

ProductPlants table:

sku plant_nbr
----- -----------
1 1
2 1
3 2

The request is to extract the manufacturing plant for each product. One way to satisfy the request is to write the following query
using correlated subquery to retrieve the plant:

SELECT sku, product_description,

(SELECT plant_nbr
FROM ProductPlants AS B
WHERE B.sku = A.sku) AS plant_nbr
FROM Products AS A;

Note that the point here is to illustrate a technique; there could be a more efficient way to accomplish the same task. However, all
works fine and we get the correct result set:

sku product_description plant_nbr

---- ------------------- -----------
1 Bike 1
2 Ball 1
3 Phone 2

The query will continue to work happily until the day arrives that the company decides to start manufacturing Balls at plant 3, to
cope with increasing demand. The ProductPlants table now looks like this:

sku plant_nbr
----- -----------
1 1

10 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

2 1
2 3
3 2

All of a sudden, our query starts generating the following error:

Msg 512, Level 16, State 1, Line 1

Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=,
<, <= , >, >= or when the subquery is used as an expression.

The error is descriptive enough. Instead of the expected scalar value, our subquery returns a result set, which breaks the query.
Based on our business requirements, the fix is simple. To list all plants manufacturing plant for a particular product, we simply
use a JOIN:

SELECT A.sku, A.product_description, B.plant_nbr

FROM Products AS A
JOIN ProductPlants AS B
ON A.sku = B.sku;

Now the query completes without errors and returns the correct results:

sku product_description plant_nbr

---- -------------------- -----------
1 Bike 1
2 Ball 1
2 Ball 3
3 Phone 2

Note that the same error can occur in a predicate where a column or expression is tested against a subquery, for example "…
column = (SELECT value FROM Table)". In that case, the solution is to use the IN predicate in place of "=".

On first encounter with SQL we always praise the genius who invented the syntax SELECT *! It's so handy and easy to use!
Instead of explicitly listing all column names in our query, we just use the magic wildchar '*' and retrieve all columns. For example,
a common misuse of SELECT * is to extract a set of all plastic products and to insert them into another table with the same
structure:

INSERT INTO PlasticProducts

SELECT *
FROM Products
WHERE material_type = 'plastic';

Job done! However, one day business requirements change and two new columns are added to the Products table:

ALTER TABLE Products

ADD effective_start_date DATETIME,
effective_end_date DATETIME;

All of sudden the magic query results in error:

Msg 213, Level 16, State 1, Line 1

Insert Error: Column name or number of supplied values does not match table definition.

The fix is to explicitly list the column names in the query:

INSERT INTO PlasticProducts (sku, product_description, material_type)

SELECT sku, product_description, material_type
FROM Products

11 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

WHERE material_type = 'plastic';

The situation can get even worse if a view is created using SELECT *, and later the base tables are modified to add or drop
columns.

Note: If a view is create using the SCHEMABINDING option, then the base tables cannot be modified in a way that will
affect the view definition.

To conclude, do not use SELECT * in production code! One exception here is when using the EXISTS predicate. The select list
in the subquery for the EXISTS predicate is ignored since only the existence of rows is important.

Reuse of code is one of the fundamental principles we learn when programming in any language, and the SQL language is no
exception. It provides many means by which to logically group code and reuse it.

One such means in SQL Server is the scalar user-defined function. It seems so convenient to hide away all those complex
calculations in a function, and then simply invoke it in our queries. However, the hidden "sting in the tail" is that it can bring a
heavy toll in terms of performance. When used in a query, scalar functions are evaluated for each row and, with large tables, this
can result in very slow running queries. This is especially true when the scalar function needs to access another table to retrieve
data.

Here is one example. Given tables with products and sales for products, the request is to retrieve total sales per product. Since
the total sales value can be reused in another place, you decide to use a scalar function to calculate the total sales for a product:

CREATE FUNCTION dbo.GetTotalSales(@sku INT)

RETURNS DECIMAL(15, 2)
AS
BEGIN
RETURN(SELECT SUM(sale_amount)
FROM Sales
WHERE sku = @sku);
END

Then the query to retrieve the total sales for each product will look like this;

SELECT sku, product_description, dbo.GetTotalSales(sku) AS total_sales

FROM Products;

Isn't this a very neat and good looking query? But just wait until you run it over a large data set. The total sales calculation will be
repeated for each and every row, and the overhead will be proportional to the number of rows. The correct way to handle this is,
if possible, is to rewrite the function as a table-valued function, or simply perform the calculation in the main query. In our
example, performing the calculation in the query will look like this:

SELECT P.sku, P.product_description, SUM(S.sale_amount) As total_sales

FROM Products AS P
JOIN Sales AS S
ON P.sku = S.sku
GROUP BY P.sku, P.product_description;

And here is a table-valued function that can be used to calculate total sales:

CREATE FUNCTION dbo.GetTotalSales(@sku INT)

RETURNS TABLE
AS
RETURN(SELECT SUM(sale_amount) AS total_sales
FROM Sales
WHERE sku = @sku);

Now the table-valued function can be invoked in the query using the APPLY operator:

12 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

SELECT sku, product_description, total_sales

FROM Products AS P
CROSS APPLY dbo.GetTotalSales(P.sku) AS S;

Let's face it – we love loops! Whether we start programming with VB, C, C++, Java, or C#, one of the first constructs we
encounter is some form of a loop. They can helpfully solve pretty much any challenge you might face.

And so, it is only natural on the day we start programming with SQL to seek out our favorite loop construct. And here it is – the
mighty cursor (and its little WHILE brother)! Then we hurry to put the well known tool to use in solving our problems.

Let's look at one example. Given a table with product prices, we have to perform a monthly update of prices for products; the
price updates are stored in another table with new prices.

ProductPrices table:

sku price effective_start_date effective_end_date

---- ------ -------------------- ------------------
1 10.50 2009-01-01 NULL
2 11.50 2009-01-01 NULL
3 19.00 2009-01-01 NULL
4 11.25 2009-01-01 NULL

NewPrices table:

sku price
---- ------
2 11.25
4 12.00

A cursor solution may look like this:

DECLARE @sku INT;

DECLARE @price DECIMAL(15, 2);

DECLARE PriceUpdates
CURSOR LOCAL
FORWARD_ONLY
STATIC
READ_ONLY
FOR SELECT sku, price
FROM NewPrices;

OPEN PriceUpdates;

FETCH NEXT FROM PriceUpdates

INTO @sku, @price;

WHILE @@FETCH_STATUS = 0
BEGIN

UPDATE ProductPrices
SET price = @price,
effective_start_date = CURRENT_TIMESTAMP
WHERE sku = @sku;

FETCH NEXT FROM PriceUpdates

INTO @sku, @price;

END

CLOSE PriceUpdates;
DEALLOCATE PriceUpdates;

13 of 14 16/01/2010 11:28 ‫ص‬

Ten Common SQL Programming Mistakes http://www.simple-talk.com/content/print.aspx?article=783

Mission accomplished! Now we can take a well-deserved break while the query is running. Soon, the realization dawns that
procedural row by row processing is not working well in SQL. Besides being very slow, our solution is long, hard to read and
maintain. This is the moment we understand the power of SQL is its set-based nature. The same task can be accomplished using
a very efficient set-based query that is easier to understand and maintain:

UPDATE ProductPrices
SET price = (SELECT N.price
FROM NewPrices AS N
WHERE N.sku = ProductPrices.sku),
effective_start_date = CURRENT_TIMESTAMP
WHERE EXISTS(SELECT *
FROM NewPrices AS N
WHERE N.sku = ProductPrices.sku);

There are different ways to write a set based query to solve this problem: using the MERGE statement, update with Common
Table Expression, or the SQL Server specific update with join. But the point is to utilize the natural power of the SQL language
and use set based techniques to solve problems and to avoid procedural solutions.

Note: While you should avoid cursors as much as possible, there are certain problems, such as running total
aggregations, that today are still best solved using cursors. We can be optimistic that future enhancements will provide
better tools to solve those problems in a set based way.

Maybe now is a good time for the next code review of your SQL code. Hopefully some of these examples will help you be a better
developer/DBA and produce more reliable and efficient code. It is not always easy to spot these patterns, especially in more
complex queries. But as long as you understand the fundamentals, avoiding these mistakes is easy.

Happy SQL coding!

© Simple-Talk.com

14 of 14 16/01/2010 11:28 ‫ص‬