Funniest code I've seen this week

sunsetsystems wrote on Friday, March 11, 2005:

So, while checking to see why searching for a patient by ID behaves strangely, I came across this function in patient.inc.  Guess what kind of SQL statement it generates?

----------

function getPatientId($pid = “%”, $given = “pid, id, lname, fname, mname, providerID, DATE_FORMAT(DOB,’%m/%d/%Y’) as DOB_TS”, $orderby = “lname ASC, fname ASC”, $limit=“all”, $start=“0”)
{
    $sql=“select pid, MAX(id) as id from patient_data group by pid DESC order by pid ASC”;
    $res = sqlStatement($sql);
    $sql=“select $given from patient_data where pubpid like ‘$pid%’ and (”;
    for ($iter = 0;$row = sqlFetchArray($res);$iter++)
        $sql.=" id=’{$row[‘id’]}’ or";
    if ($iter > 0)
        $sql = substr($sql, 0, -3) . “) order by $orderby”;
    else
        $sql = substr($sql, 0, -5).“order by $orderby”;
    if ($limit != “all”)
        $sql .= " limit $start, $limit";
    $rez = sqlStatement($sql);
    for($iter=0; $row=sqlFetchArray($rez); $iter++)
        $returnval[$iter]=$row;

    return $returnval;
}

----------

Hint: On my system it’s about 152,000 characters long!