SqlServer

SqlServer Rules

Category Severity Name Description
Maintainability Major @@IDENTITY should not be used

The code rule "@@IDENTITY should not be used" states that the global variable @@IDENTITY should not be used in SQL Server code. This variable is often used to retrieve the last identity value generated in the current session, but it can be unreliable and lead to unexpected results. Instead, the SCOPE_IDENTITY() function should be used to retrieve the last identity value generated in the current scope.

Maintainability Critical A primary key should be specified during table creation

The rule that a primary key should be specified during table creation ensures that each record in a database table is uniquely identified. This is done by assigning a unique value, or combination of values, to each record. This makes it easier to locate and update individual records, as well as ensuring data integrity and preventing duplicate records. Specifying a primary key during table creation also helps to improve query performance by allowing the database engine to quickly identify and retrieve records.

Bug Major All branches in a conditional structure should not have exactly the same implementation

The rule "All branches in a conditional structure should not have exactly the same implementation" states that when a conditional structure is used in SQL Server code, the branches should not have identical implementations. This means that each branch should have a unique implementation that is tailored to the specific conditions of that branch. This helps to ensure that the code is efficient and that it produces the desired results. Additionally, this rule helps to prevent potential errors or unexpected behavior that could occur if the same implementation were used for all branches.

Maintainability Major ANSI_NULLS, ANSI_PADDING and CONCAT_NULL_YIELDS_NULL should not be configured The ANSI_NULLS, ANSI_PADDING and CONCAT_NULL_YIELDS_NULL code rules indicate that the SQL Server should not be configured to use these settings. ANSI_NULLS defines how to handle comparisons involving NULL values. When set to ON, two NULL values are considered equal. When set to OFF, two NULL values are considered unequal. ANSI_PADDING defines how to handle trailing spaces in character data. When set to ON, trailing spaces are retained. When set to OFF, trailing spaces are removed. CONCAT_NULL_YIELDS_NULL defines how to handle the concatenation of NULL values. When set to ON, the result of the concatenation is NULL. When set to OFF, the result of the concatenation is an empty string. For optimal performance, it is recommended that these settings not be configured as they can lead to unexpected results and can affect the performance of the SQL Server.
Maintainability Minor Boolean checks should not be inverted

The rule "Boolean checks should not be inverted" means that when writing code for SQL Server, boolean checks should not be written in a way that inverts the logic of the check. For example, a check for a value less than 10 should not be written as "value greater than or equal to 10". This is because inverting the logic of the check can cause confusion and make the code harder to read and understand. Additionally, it can lead to errors in the code and can be difficult to debug. Therefore, it is best practice to write boolean checks in the most straightforward way.

Maintainability Critical CASE expressions should end with ELSE clauses

The "CASE expressions should end with ELSE clauses" rule states that all CASE expressions used in SQL Server code should include an ELSE clause. This ensures that all possible values are accounted for, and helps to prevent unexpected results. The ELSE clause should include an appropriate action, such as setting a value to NULL, or returning a default value. This helps to ensure that all possible cases are handled in a consistent manner, and that no unexpected results occur.

Maintainability Major CASE expressions should not have too many WHEN clauses

The "CASE expressions should not have too many WHEN clauses" rule states that when using CASE expressions in SQL Server, the number of WHEN clauses should be limited to improve readability and maintainability of the code. Having too many WHEN clauses can make the code difficult to read and understand, and can also lead to potential performance issues. This rule encourages developers to use simpler alternatives such as IF/ELSE or WHILE loops when multiple WHEN clauses are needed. Additionally, it is recommended to use meaningful names for each WHEN clause to make the code easier to read and maintain.

Bug Critical CASE input expressions should be invariant

The CASE input expressions should be invariant rule states that when using the CASE statement in SQL Server, the input expressions should remain the same throughout the statement. This means that any variables used in the input expressions should not be changed or modified, as this could lead to unexpected results. This rule is important to ensure that the CASE statement produces the expected output.

Maintainability Minor CATCH clauses should do more than rethrow

This code rule states that any CATCH clauses used in a SQL Server script should not simply rethrow the exception, but should also do something else, such as logging the error, or performing some other action. This helps to ensure that exceptions are handled properly, and that errors are not simply ignored.

Maintainability Major COALESCE, IIF, and CASE input expressions should not contain subqueries

This rule states that when using the COALESCE, IIF, and CASE functions in SQL Server, the input expressions should not contain subqueries. Subqueries should not be used because they can cause performance issues, as well as make the code more difficult to read and maintain. Instead, use a simple expression or variable.

Maintainability Minor Code elements must not be unused

The "Code elements must not be unused" rule states that all code elements must be used in a SQL Server database. This includes all variables, functions, stored procedures, views, and other objects. Unused code elements can lead to errors and unexpected behavior, and can also make it difficult to troubleshoot issues. This rule ensures that all code elements are used in a meaningful way and that all objects are properly maintained. It also helps to ensure that the code is efficient and well-structured.

Maintainability Major Collapsible if statements should be merged

The "Collapsible if statements should be merged" code rule states that when multiple if statements are logically connected, they should be merged into a single if statement to improve readability and maintainability of the code. This helps to reduce the complexity of the code and make it easier to understand what the code is doing. Additionally, merging the if statements can help to reduce the number of lines of code, making it easier to debug and maintain.

Maintainability Major Column names should be used in an ORDER BY clause

This rule states that when using the ORDER BY clause in SQL Server, column names should be used instead of column numbers. This ensures that the ordering of the results is based on the columns that are specified, and not on the order of the columns in the table.

For example, if you wanted to order a table by the columns "FirstName" and "LastName", you should use the following code:

ORDER BY FirstName, LastName

Instead of using the column numbers, which may change in the future, this rule ensures that the ordering of the results is always based on the specified columns.

Maintainability Minor Column references should not have more than two-parts

The "Column references should not have more than two-parts" rule states that when referencing columns in a SQL Server query, the column name should not contain more than two parts. This means that a column name should not contain any dot notation or any other type of delimiter which would create multiple parts. For example, a column name such as "dbo.users.name" would not be allowed, while "users.name" would be allowed.

This rule is in place to ensure that queries are as simple and efficient as possible. Having multiple parts in a column reference can lead to confusion and can make it difficult to read and understand the query. It can also lead to errors if the wrong column is referenced.

Maintainability Major Columns to be read with a SELECT statement should be clearly defined

This SQL Server code rule states that when using a SELECT statement, the columns that are to be read should be explicitly defined. This helps to ensure that only the data that is required is read, and that the query is more efficient. Additionally, it ensures that the query is more readable, as the columns that are being read are clearly defined.

Maintainability Critical Conditionally executed code should be denoted by either indentation or BEGIN...END block

The rule "Conditionally executed code should be denoted by either indentation or BEGIN...END block" is used to ensure that code is properly organized and easily readable. This rule states that any code that is conditionally executed should be denoted either by indentation or by using a BEGIN...END block. Indentation helps make code easier to read and understand, while BEGIN...END blocks clearly denote the start and end of a conditionally executed block of code. This rule helps ensure that code is properly structured and organized, making it easier to maintain and debug.

Maintainability Critical Conditionals should start on new lines

This rule states that when writing a conditional statement in SQL Server, the condition should start on a new line. This helps to improve readability and make it easier to spot errors. For example, instead of writing:

IF (condition) THEN

It should be written as:

IF
(condition)
THEN

Maintainability Critical Control flow statements IF, WHILE and TRY should not be nested too deeply

This code rule states that control flow statements such as IF, WHILE and TRY should not be nested too deeply. This means that when writing code, it is important to keep the number of nested control flow statements to a minimum. Too many nested control flow statements can make code difficult to read and debug, and can lead to performance issues. It is therefore important to keep the number of nested control flow statements to a reasonable level.

Maintainability Critical Control structures should use BEGIN...END blocks

The "Control structures should use BEGIN...END blocks" rule for SQL Server requires that all control structures (e.g. IF, WHILE, etc.) should be enclosed in BEGIN and END statements. This helps to ensure that all statements within the control structure are executed as a single unit, which is important for ensuring the integrity of the data. It also makes the code easier to read and debug, as the start and end of each control structure is clearly marked. This rule is enforced by the SQL Server query optimizer, and any violation of this rule will result in an error.

Bug Critical DELETE and UPDATE statements should contain WHERE clauses

The DELETE and UPDATE statements should contain WHERE clauses in order to limit the scope of the changes to only the rows that meet the specified criteria. This is important to ensure that the changes are only applied to the intended rows and that no unintended changes are made. Without a WHERE clause, the entire table or set of records will be affected, which could have serious consequences. Therefore, it is important to always include a WHERE clause when using DELETE and UPDATE statements in order to limit the scope of the changes.

Maintainability Major Deprecated features should not be used

The SqlServer code rule "Deprecated features should not be used" states that any deprecated features of the SqlServer platform should not be used in code. Deprecated features are features that have been superseded by newer versions or features, and are no longer supported by the platform. Using deprecated features can lead to security vulnerabilities, performance issues, and compatibility problems, so it is important to avoid using them in code. It is also important to ensure that any code written is up to date with the latest version of SqlServer, as new features may be available that can improve the code's performance or security.

Maintainability Major Deprecated system tables and views should not be used

The rule "Deprecated system tables and views should not be used" states that any system tables or views that have been marked as deprecated, or are no longer supported, should not be used by developers when writing SQL Server code. This rule is important because deprecated system tables and views can contain outdated or inaccurate data, and using them in code can lead to unexpected results or errors. Additionally, using deprecated system tables and views can also cause performance issues if the code is not optimized properly.

Maintainability Major Duplicate values should not be passed as arguments

The "Duplicate values should not be passed as arguments" SQL Server code rule states that when passing arguments to a stored procedure or function, any duplicate values should not be included. This is to avoid any potential issues with the code, such as an unexpected result or an error. By not including duplicate values, the code will be more reliable and efficient. In some cases, it may also be necessary to check the data type of the argument to ensure that they are compatible with the data type of the parameter. This code rule helps to ensure that the code is robust and reliable.

SecurityWarning Critical Dynamically executing code is security-sensitive

The "Dynamically executing code is security-sensitive" rule for SQL Server code states that dynamically executing code can be a security risk due to the possibility of malicious code being injected into the system. It is recommended that code be validated and tested before being executed to ensure that it is safe and secure. Additionally, developers should be aware of the potential security risks associated with dynamic execution and take steps to minimize them. This includes using stored procedures, parameterized queries, and input validation to prevent malicious code from being injected into the system.

Maintainability Minor Empty statements should be removed

The Empty Statements should be removed code rule in SQL Server states that any empty statements in a SQL script should be removed. Empty statements are those that do not contain any content and are not required for the code to execute. Examples of empty statements include blank lines, comments, and empty IF, WHILE, and BEGIN/END blocks. Removing empty statements can help reduce the complexity of the code and make it easier to read and understand. Additionally, it can help reduce the number of errors that may occur during execution.

Maintainability Critical Expressions should not be too complex

The "Expressions should not be too complex" rule is a best practice for writing SQL Server code. It suggests that developers should avoid writing complex expressions that are hard to read and understand. Such expressions can lead to unexpected results and can cause performance issues. This rule encourages developers to break down complex expressions into simpler parts to make them easier to read and understand. Additionally, it encourages developers to use simpler expressions that are more efficient and easier to debug. Following this rule can help ensure that the code is readable and maintainable, and that it performs well.

Maintainability Major Files should not have too many lines of code

This rule states that files should not contain an excessive amount of code. This is to ensure that files are easier to read and understand. It is also important to keep code organized and manageable. Too much code can lead to confusion and difficulty in debugging and maintaining the code. This rule helps to keep code organized and maintainable. It is important to keep the code as concise as possible and to split up large files into smaller, more manageable chunks. This will ensure that the code is easier to read and understand.

Maintainability Major Function and procedure names should comply with a naming convention

The "Function and Procedure Names Should Comply with a Naming Convention" rule states that all functions and procedures within a SQL Server database should be named according to a predetermined naming convention. This naming convention should be consistent across all databases and should be used to make it easier for developers and administrators to identify the purpose of a particular function or procedure. This naming convention should also be documented and used to ensure that all functions and procedures are consistently named.

Maintainability Major Functions and procedures should not have too many parameters

The code rule "Functions and procedures should not have too many parameters" states that functions and procedures should be kept as simple as possible, with a limited number of parameters. Having too many parameters can make the code difficult to read, understand, and maintain. It can also lead to increased complexity and a greater chance of errors. When designing functions and procedures, it is important to keep the number of parameters to a minimum, and to use descriptive names for each parameter. This will make the code easier to read and maintain, and will reduce the chances of errors.

Maintainability Major Functions and stored procedure should not have too many lines of code

The SQL Server code rule "Functions and stored procedures should not have too many lines of code" is a best practice for developers to follow when creating functions and stored procedures. This rule is designed to help maintain code readability and reduce the complexity of the code. It is important to keep the code concise and easy to understand, as too many lines of code can lead to confusion and difficulty in debugging. Additionally, too much code can lead to an increase in the amount of time it takes to execute the code. By following this rule, developers can ensure their code is efficient and maintainable.

Maintainability Major GOTO statements should not be used

The GOTO statements should not be used rule states that GOTO statements should not be used when writing SQL Server code. GOTO statements are a type of unconditional jump which can make code difficult to read and maintain. They should be avoided in favor of more structured programming techniques, such as using IF-ELSE statements. Using GOTO statements can also lead to unintended results, as the code may not execute as intended. This rule encourages developers to use more structured programming techniques to ensure that code is more readable and maintainable.

Bug Major Identical expressions should not be used on both sides of a binary operator

This rule states that when using a binary operator (such as an equals sign or a less than sign) the same expression should not be used on both sides of the operator. For example, in the following statement:

x = x

The expression "x" is used on both sides of the equals sign, which is not allowed according to this rule. Instead, the statement should be written as:

x = 5

or some other expression that is not the same on both sides of the equals sign.

Maintainability Critical IF ... ELSEIF constructs should end with ELSE clauses

The "IF ... ELSEIF constructs should end with ELSE clauses" rule states that when writing IF ... ELSEIF code in SQL Server, the last condition should always be an ELSE clause. This ensures that all possible conditions are accounted for, and helps to prevent unexpected results. The ELSE clause should be added even if no action is required, as this will make the code more readable and easier to maintain.

Maintainability Critical INSERT statements should explicitly list the columns to be set

The "INSERT statements should explicitly list the columns to be set" rule states that when inserting data into a table, the columns that are being set should be explicitly listed in the INSERT statement. This ensures that the data is being inserted into the correct columns, and that no data is being inserted into columns that are not intended to be set. This rule also helps to prevent any potential errors that may occur if the wrong data is inserted into the wrong column.

Bug Major Jump statements should not be followed by dead code

The "Jump statements should not be followed by dead code" rule states that any statement that causes the execution to jump to another part of the code, such as a loop or an IF statement, should not be followed by any code that will not be executed. This is because such code is unnecessary and can lead to confusion and errors when debugging or maintaining the code. This rule helps ensure that the code is clean and efficient, and that any code that is written is actually being used.

Maintainability Minor Jump statements should not be redundant

The "Jump statements should not be redundant" rule states that SQL Server code should not contain redundant jump statements. Jump statements are commands that cause an immediate exit from a loop or block of code. Examples of jump statements include "BREAK", "GOTO", and "RETURN". Redundant jump statements are those that are unnecessary, as they do not add any value to the code and can lead to confusion. The use of redundant jump statements should be avoided in SQL Server code, as they can lead to unexpected behavior and can make the code difficult to understand.

Maintainability Minor LIKE clauses should not be used without wildcards

The "LIKE clauses should not be used without wildcards" code rule for SQL Server dictates that any LIKE clause used within a query should include a wildcard character. Wildcards are special characters used to represent one or more characters in a string. The two most common wildcard characters are the percent sign (%) and the underscore (_). For example, a LIKE clause used to search for all customers whose last name starts with "Mc" would be written as "LIKE 'Mc%'". Without the wildcard character, the query would only return results for customers whose last name is exactly "Mc".

Maintainability Major LIKE clauses should not start with wildcard characters

The rule "LIKE clauses should not start with wildcard characters" means that when using the LIKE clause in SQL Server, wildcard characters such as % and _ should not be used as the first character in the clause. This is because wildcards are used to match any character or string of characters, so starting with one will cause the query to return too many results. This can cause performance issues and make it difficult to interpret the results.

Maintainability Minor Lines should not be too long

The "Lines should not be too long" code rule for SQL Server states that lines of code should not exceed 80 characters in length. This is to ensure that the code is easier to read and understand. Longer lines can make it difficult to read and understand the code, and can also make it difficult to debug or modify the code. By limiting the length of lines, code is more manageable and easier to work with.

Maintainability Minor Local variable and parameter names should comply with a naming convention

The "Local variable and parameter names should comply with a naming convention" code rule states that all local variables and parameters used in a SQL Server database should be named in accordance with a specific naming convention. This helps to ensure better readability and maintainability of the code. For instance, a naming convention might require that all local variables start with a lowercase letter, and all parameters start with an uppercase letter. Additionally, the naming convention might also include rules for how to name objects, such as tables, stored procedures, etc. By following a naming convention, it becomes easier for developers to quickly identify the purpose of a variable or parameter.

Bug Major Loops with at most one iteration should be refactored

The "Loops with at most one iteration should be refactored" code rule for SQL Server suggests that any loop that has a single iteration should be refactored into a simpler code structure. This is because, in most cases, a loop with a single iteration can be replaced with a simpler code structure that can be more easily understood and maintained. By refactoring the code, it can improve the readability and maintainability of the code and reduce the risk of errors. Additionally, it can improve the performance of the code by reducing the amount of unnecessary looping operations.

Maintainability Minor Methods must not be empty

The SQL Server code rule "Methods must not be empty" requires that all methods in a SQL Server program must contain code and not be left empty. This rule is in place to ensure that all methods are properly defined and implemented, and that they are not left empty or incomplete. This rule also helps to ensure that all methods are properly tested and debugged, as an empty method would not be able to be tested or debugged. This rule is important for maintaining code quality and ensuring that all methods are properly implemented.

Maintainability Major Multiline blocks should be enclosed in BEGIN...END blocks

The Multiline blocks should be enclosed in BEGIN...END blocks rule states that any SQL Server code containing multiple lines of code should be enclosed with a BEGIN...END block. This is to ensure that all lines of code are executed together as a single unit and that any errors that occur are handled in the same way. It also helps to make code easier to read and debug.

Maintainability Minor Multiple variables should not be declared on the same line The code rule "Multiple variables should not be declared on the same line" states that when declaring multiple variables in a SQL Server script, each variable should be declared on a separate line. This helps to improve readability and maintainability of the code, and can also help to detect errors, such as typos, more easily. Additionally, when debugging code, it can be easier to identify which line a specific variable is declared on.
Maintainability Minor Naming conventions must be applied

The "Naming conventions must be applied" code rule for SQL Server requires that all database objects, such as tables and columns, must be named according to a specific set of conventions. These conventions are designed to improve the readability of the code and to make it easier to identify the purpose of each object. The conventions may include the use of upper and lower case letters, underscores, and other formatting rules. Following these conventions will help ensure that the code is easier to read and maintain.

Maintainability Critical NOCOUNT should be activated on PROCEDURE and TRIGGER definitions

The "NOCOUNT should be activated on PROCEDURE and TRIGGER definitions" rule states that the NOCOUNT option should be enabled for all stored procedures and triggers. This option prevents the query processor from returning the number of rows affected by each statement in a batch or stored procedure. This can help improve performance by reducing the amount of data sent over the network. It is recommended to enable this option for all stored procedures and triggers to ensure optimal performance.

Maintainability Minor Non-standard comparison operators should not be used

The rule "Non-standard comparison operators should not be used" states that any comparison operators other than the standard ones provided by SQL Server should not be used. This includes operators such as <, >, =, !=, <>, etc. These operators should only be used for comparing values in the same type, and not for comparing values between different types. This rule is important for ensuring that queries are properly formed and that data is accurately compared.

Bug Major NULL should not be compared directly

The SQL Server code rule "NULL should not be compared directly" means that when comparing two values, an explicit comparison operator should be used instead of just comparing the values directly. This is because a direct comparison of two NULL values will always return true, which may not be the desired result. Instead, an explicit comparison operator should be used to ensure the comparison is done correctly. For example, instead of writing "IF x = NULL", the code should be written as "IF x IS NULL".

Bug Critical Nullable subqueries should not be used in NOT IN conditions

This rule states that subqueries that produce NULL values should not be used in NOT IN conditions. This is because when a subquery produces a NULL value, it is not considered an element of the set that is being compared, and thus the comparison will always return false. This can lead to unexpected results, and should be avoided. To ensure that the comparison works as expected, use a NOT EXISTS condition instead.

Maintainability Minor Objects should not be duplicated (same name and same type)

The rule "Objects should not be duplicated (same name and same type)" states that within a SQL Server database, objects should not have the same name and type. This means that if an object of a certain type (e.g. table) with a certain name already exists, then an additional object of the same type and name should not be created. This is important to ensure that the database is organized and efficient, and that objects are not unnecessarily duplicated.

Bug Major Output parameters should be assigned

The "Output parameters should be assigned" rule states that any output parameters declared in a SQL Server stored procedure should be assigned a value before the procedure is executed. This ensures that the output parameters are not left unassigned, which can lead to unexpected behavior and errors. Additionally, this rule helps to make the code more readable and maintainable by making it clear which output parameters are being used and what values they should be assigned.

Maintainability Major Queries should not join too many tables

The "Queries should not join too many tables" code rule states that when writing SQL queries, it is important to limit the number of tables that are joined in the query. Joining too many tables can lead to complex queries that are difficult to read, debug, and maintain. Additionally, joining too many tables can lead to decreased performance, as the query optimizer must process more data to return the desired result set. Therefore, it is recommended to limit the number of tables joined in a query to improve readability and performance.

Bug Major Queries that use TOP should have an ORDER BY

The SQL Server code rule "Queries that use TOP should have an ORDER BY" requires that when using the TOP clause in a query, an ORDER BY clause must also be included. This ensures that the results of the query are in a predictable order. Without an ORDER BY clause, the order of the results is not guaranteed. This rule is in place to ensure that the results of the query are consistent and predictable.

Maintainability Major Redundant pairs of parentheses should be removed

The "Redundant pairs of parentheses should be removed" SQL Server code rule aims to reduce unnecessary complexity in code and improve readability by removing redundant parentheses. This rule applies to all SQL Server code, including SELECT, INSERT, UPDATE, and DELETE statements. Redundant parentheses are those that are not required to determine the order of operations in the code. Removing these parentheses can help make the code easier to read and understand, as well as reducing the amount of code needed to accomplish a given task. Additionally, removing redundant parentheses can help improve the performance of the code by reducing the amount of time needed to parse the code.

Bug Major Related IF/ELSE IF statements and WHEN clauses in a CASE should not have the same condition

The "Related IF/ELSE IF statements and WHEN clauses in a CASE should not have the same condition" SQL Server code rule states that when using IF/ELSE IF statements and WHEN clauses in a CASE statement, the conditions should be different. This ensures that the correct logic is being used and that the code is not redundant. If the same condition is used for multiple IF/ELSE IF statements or WHEN clauses, then the code will not be as efficient as it could be and could lead to unexpected results. It is important to ensure that the conditions are different for each IF/ELSE IF statement and WHEN clause in order to ensure that the code is efficient and that the results are as expected.

Maintainability Minor Reserved keywords should not be used as identifiers or object names

The rule "Reserved keywords should not be used as identifiers or object names" in SQL Server means that any words that are part of the SQL Server language should not be used as identifiers or object names. This includes words like SELECT, INSERT, UPDATE, DELETE, WHERE, and ORDER BY. Using these words as identifiers or object names can cause confusion and lead to errors. It is best to use more descriptive names for identifiers and object names to avoid any potential confusion or errors.

Maintainability Minor Scripts must be commented

The "Scripts must be commented" rule for SQL Server code states that all scripts must include comments that explain the purpose of the code and the actions it is taking. This is important for the readability of the code, as well as for maintenance and debugging. It is also important for ensuring that the code is understandable by other developers who may need to work with it in the future. The comments should be clear and concise, and should include any assumptions that have been made when writing the script, as well as any potential pitfalls that may be encountered. By following this rule, developers can ensure that their code is well documented and easily understandable by others.

Maintainability Minor Scripts must not exceed a certain size

This SQL Server code rule states that scripts should not exceed a certain size. This is to ensure that scripts are manageable and maintainable. It also helps to reduce the risk of errors and improve performance. Scripts that are too large can be difficult to debug and can cause performance issues. By limiting the size of scripts, developers can ensure that scripts are manageable and maintainable. This rule should be enforced to ensure that scripts are well-structured and optimized for performance.

Maintainability Critical SELECT statements used as argument of EXISTS statements should be selective

The SELECT statements used as argument of EXISTS statements should be selective rule states that when using SELECT statements as part of an EXISTS statement, the SELECT statement should be designed to return a small number of results. This means that the SELECT statement should include a WHERE clause with conditions that will limit the number of rows that are returned from the query. This will help ensure that the EXISTS statement runs quickly and efficiently.

Vulnerability Critical SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

This rule states that the SHA-1 and Message-Digest hash algorithms should not be used in secure contexts, as they are no longer considered secure and have been replaced by more secure algorithms. These algorithms can still be used for non-secure purposes, such as verifying file integrity or generating checksums, but should not be used for authentication or other secure operations. It is important to ensure that any applications or systems that use these algorithms are updated to use a more secure algorithm.

Maintainability Critical Size should be specified for varchar variables and parameters

The "Size should be specified for varchar variables and parameters" rule for SQL Server code states that when declaring variables and parameters of the varchar data type, the size of the variable or parameter should be specified. This helps ensure that the data stored in the variable or parameter is of the correct size and that it does not exceed the maximum size of the data type. Without specifying a size, the data stored in the variable or parameter could be truncated or cause an error when it exceeds the maximum size of the data type.

Maintainability Major Statements should be on separate lines

The "Statements should be on separate lines" code rule for SQL Server means that each individual statement should be written on its own line. This helps to improve readability and maintainability of code. It also helps to ensure that any changes to the code are easier to identify and modify, as each statement is clearly separated from the other statements. This rule helps to ensure that SQL code is easier to read and understand, and can help to reduce the chances of errors or typos occurring.

Maintainability Minor String literals should not be duplicated

The "String literals should not be duplicated" code rule for SQL Server ensures that string literals are not used multiple times in a query or stored procedure. This rule helps to reduce code complexity, as well as improve readability and maintainability of the code. It also helps to minimize the amount of code that needs to be written, as well as reduce the chances of errors being introduced as a result of duplicate strings.

For example, if a query contains the same string literal multiple times, it can be replaced with a single reference. This can help to improve the performance of the query, as well as reduce the amount of code that needs to be written and maintained.

Bug Critical Syntax Errors

The SQL Server Code Rule "Syntax Errors" checks for syntax errors in Transact-SQL code. It ensures that the code is syntactically correct and that it can be parsed and compiled without any errors. This rule helps identify any syntax errors that may exist in the code and provides suggestions on how to fix them. It also flags any code that may be syntactically correct but may not produce the expected results. This rule is useful for ensuring that the code runs as expected and does not cause any unexpected errors.

Maintainability Minor Tabulation characters should not be used

The "Tabulation characters should not be used" rule in SQL Server states that tab characters should not be used to define or separate elements in a query, such as keywords, identifiers, literals, or operators. Instead, spaces should be used as the separator. This is to ensure that the query is readable and consistent across different platforms.

Bug Critical The number of variables in a FETCH statement should match the number of columns in the cursor

The FETCH statement in SQL Server should have the same number of variables as the number of columns in the cursor. This ensures that the correct data is retrieved from the database. If the number of variables does not match the number of columns, then the query will fail. This rule helps to ensure that the data being retrieved is accurate and complete.

Maintainability Major Track lack of SQL Server session configuration The Track lack of SQL Server session configuration code rule checks whether SQL Server session settings are configured correctly. It will detect any lack of configuration that could lead to degraded performance or security issues. This code rule is part of the Microsoft Security Code Analysis extension and is used to identify any configuration settings that are not properly set. The rule checks for the following session settings: - Max Degree of Parallelism - Cost Threshold for Parallelism - Remote Query Timeout - Lock Timeout - Deadlock Priority - Query Wait - Security Settings The rule will detect any lack of configuration that could lead to degraded performance or security issues. It is important to ensure that these settings are properly configured to ensure optimal performance and security.
Maintainability Major Track uses of FIXME tags The Track uses of FIXME tags code rule tracks the use of FIXME tags in SQL Server code. FIXME tags are used to indicate that certain portions of code need to be addressed or fixed. The rule scans the code for any occurrences of the tag and reports them as potential problems. This rule helps developers to identify areas of code that need to be addressed before deployment.
Maintainability Information Track uses of TODO tags The "Track uses of TODO tags" rule in SQL Server code checks for the presence of TODO tags in the code. This rule is used to identify sections of code that require additional work or need to be revisited in the future. The rule will flag any code that contains the words "TODO" or "FIXME" so that developers can easily identify sections of code that need additional attention. This rule can help ensure that code is written in a maintainable way and that any incomplete or potentially problematic code is addressed in a timely manner.
Maintainability Minor Triggers should not PRINT, SELECT, or FETCH

The "Triggers should not PRINT, SELECT, or FETCH" rule states that triggers should not use the PRINT, SELECT, or FETCH commands when executing code. These commands are used to display data from a database, and should not be used in triggers because they can cause unexpected results. Instead, triggers should use the INSERT, UPDATE, and DELETE commands to modify data in a database. This rule ensures that triggers are used properly and do not cause unexpected results.

Maintainability Major Two branches in a conditional structure should not have exactly the same implementation

The "Two branches in a conditional structure should not have exactly the same implementation" rule for SQL Server code states that when a conditional structure is used, such as an "IF/ELSE" statement, the two branches must have different implementations. This rule is important for ensuring that the code is optimized and that redundant code is avoided. The two branches should be distinct and have different implementations to ensure that the code is efficient and maintainable.

Bug Major Unary prefix operators should not be repeated

The rule "Unary prefix operators should not be repeated" states that unary prefix operators should not be used more than once in a statement. Unary prefix operators are operators that operate on one value, such as the minus sign (-) or the plus sign (+). Repeating these operators can lead to confusion and errors in the code, and should be avoided.

Maintainability Minor Unused local variables should be removed

The "Unused Local Variables Should Be Removed" code rule for SQL Server requires that any unused local variables be removed from the code. Unused local variables are variables that are declared but not used in the code. This rule is designed to help keep code clean and efficient by removing unnecessary variables that are declared but not used. Removing unused variables can help improve the readability of the code and reduce the amount of memory and processor resources used by the code. This rule can be enforced by a code analysis tool or manually by a developer.

Maintainability Major Unused procedure and function parameters should be removed

This rule states that any procedure or function parameters that are not used within the code should be removed. This helps to reduce unnecessary clutter and complexity in the code, while also making it easier to read and understand. Additionally, it can help to ensure that the code is performing optimally by eliminating any unused parameters that may be slowing down the execution time. Removing unused parameters can also help to reduce the risk of potential security vulnerabilities, as any potential attackers would have fewer parameters to exploit.

SecurityWarning Minor Using hardcoded IP addresses is security-sensitive

Using hardcoded IP addresses in SQL Server code is considered to be security-sensitive because it can easily be exploited by malicious actors. This is because hardcoded IP addresses are static and can be easily identified by hackers, which makes them vulnerable to attack. Additionally, hardcoded IP addresses can be used to bypass authentication and authorization checks, allowing malicious actors to access sensitive data or gain unauthorized access to a system. To prevent this, developers should avoid using hardcoded IP addresses in their code and instead use dynamic IP addresses that change regularly. Additionally, developers should always use secure protocols and encryption when communicating with external systems.

Bug Major Variables should not be self-assigned

The rule "Variables should not be self-assigned" states that variables should not be assigned a value that is equal to its own existing value. This rule is important when writing SQL Server code, as assigning a variable to itself can lead to unexpected results. Self-assigning variables can also lead to poor performance, as the server will need to evaluate and assign the same value multiple times. In order to ensure optimal performance and accuracy, variables should only be assigned values that differ from their existing value.

Maintainability Major WHEN clauses should not have too many lines of code The WHEN clauses should not have too many lines of code rule is a best practice for SQL Server code. This rule states that when writing a SQL Server query, each WHEN clause should contain no more than a few lines of code. This will help to improve readability and reduce complexity, while also making it easier to debug and maintain the query. Additionally, having too many lines of code in a WHEN clause can lead to performance issues.
Bug Major WHERE clause conditions should not be contradictory

This SQL Server code rule states that conditions in the WHERE clause of a query should not be contradictory. This means that the conditions should not be mutually exclusive or logically impossible. Contradictory conditions can lead to incorrect results and should be avoided.

For example, if a query contains the following WHERE clause:

WHERE age > 18 AND age < 18

This would be considered a contradictory condition as it is logically impossible for a person to be both older than 18 and younger than 18 at the same time. Therefore, this condition should be avoided.

Bug Major WHERE clauses should not contain redundant conditions

The "WHERE clauses should not contain redundant conditions" code rule states that WHERE clauses should not contain conditions that are unnecessary or redundant. This means that the WHERE clause should only contain conditions that are necessary for the query to return the desired results. Redundant conditions can lead to inefficient query execution as the engine will need to process them unnecessarily. Furthermore, redundant conditions can lead to incorrect query results if the conditions are not logically equivalent. It is therefore important to ensure that the WHERE clause contains only the necessary conditions.