Yesterday and the day before were the two most boring days of coding I have ever experienced. I hope I never have to do anything like this again…

We’re reviewing our database access code and decided to switch from executing plain SQL statements and stored procs, to using parameterised queries. In practice this meant replacing a method that built SQL statements as strings, with one that created SQL commands, and replacing all calls to the previous method with calls to the new one.

Because the new method returns a different data type, we couldn’t automate this. Each method call had to be changed manually.

Unfortunately the various previous developers did not believe in having a separate data access layer, so there is data access code everywhere. And I mean literally everywhere: every single aspx file has at least one, and often up to 10 database calls.

This led to a sum total of exactly 879 method calls that had to be changed. Manually. One by one. It took me most of Thursday and half of Friday to slog through them all. That’s more than 80 method calls per hour, or one every 45 seconds.

The only good thing about this (apart from making the application more secure) is that we are now even more convinced that we need to refactor this beast into a more manageable shape, and sooner rather than later.