37 lines
881 B
Plaintext
37 lines
881 B
Plaintext
== Why is this an issue?
|
|
|
|
The use of ``++LIKE++`` in a SQL query without one or more wildcards in the sought value is suspicious. A maintainer can suppose that either ``++=++`` was meant instead, or that the wildcard was unintentionally omitted.
|
|
|
|
|
|
Note that in some cases using ``++LIKE++`` without a wildcard may return different results than the use of ``++=++``. Thus, the use of ``++LIKE++`` without a wildcard may be intentional. However, it is highly likely to confuse maintainers who either are unaware of this fact, or don't understand that such circumstances apply to the query in question.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,text]
|
|
----
|
|
SELECT name
|
|
FROM product
|
|
WHERE name LIKE 'choc'
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,text]
|
|
----
|
|
SELECT name
|
|
FROM product
|
|
WHERE name LIKE 'choc%'
|
|
----
|
|
or
|
|
|
|
[source,text]
|
|
----
|
|
SELECT name
|
|
FROM product
|
|
WHERE name = 'choc'
|
|
----
|
|
|
|
|