Worst Practices Revealed

Two weeks ago, I asked for your help in creating a comprehensive list of SQL Server "worst practices." I thought this task would be a fun twist on the annual tradition of making New Year's resolutions, and I hoped that all of us could learn something along the way.

I know that talking about best practices—what you SHOULD do—is more politically correct. But the world would be a happier place to work and live in if we found a way to avoid the common mistakes we make day in and day out.

I've received a lot of support for this endeavor, and you've sent a great compilation of worst practices. The first group of worst-practices items is below. As the list grows, I hope it will serve as a reminder to experienced SQL Server professionals to avoid these common mistakes. I suspect that the list will also become a resource for SQL Server beginners as they learn the ropes. As the list grows, I'll occasionally publish some of the latest and greatest worst practices in this newsletter. I'll also find a location on the SQL Server Magazine Web site to post the list so I can keep it up-to-date.

The items in the following list appear in no particular order of importance, and I've liberally mixed administration and development worst practices.

Worst Practices:

  • Making production changes without testing them in a quality-assurance environment just because it's easier and saves time.
  • Running SQL Server in mixed-authentication mode without a NULL password for the systems administrator (sa) account.
  • Using inconsistent and arcane naming conventions for tables and columns.
  • Assuming someone else is doing the backup.
  • Assuming that the backup can be restored even though you've never tested your recovery plan.
  • Allowing NULL columns just because you're too lazy to figure out column defaults and constraints.
  • Hard-coding your applications to connect using sa.

Needless to say, I've never personally made ANY of these horrifying mistakes. But I have a friend who admits to making them from time to time. This list is far from comprehensive, so keep your suggestions coming!

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.