26 lines
543 B
Plaintext
26 lines
543 B
Plaintext
Query by the value of a non-existent column using a standard ANSI join, and you'll get an error. Do the same thing in a sub-query, and you'll silently get the wrong result because the condition will effectively be ignored.
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
[source,text]
|
|
----
|
|
CREATE TABLE rule (
|
|
id integer(10),
|
|
.... );
|
|
|
|
CREATE TABLE issue (
|
|
id integer(10),
|
|
rule_id integer(10),
|
|
... );
|
|
|
|
SELECT id, status
|
|
FROM issue
|
|
WHERE rule_id in (
|
|
SELECT rule_id -- Noncompliant. Condition ignored and all issues selected
|
|
FROM rule
|
|
WHERE ...
|
|
)
|
|
----
|
|
|