Minor
LIKE clauses should not be used without wildcards
Description
The "LIKE clauses should not be used without wildcards" code rule for SQL Server dictates that any LIKE clause used within a query should include a wildcard character. Wildcards are special characters used to represent one or more characters in a string. The two most common wildcard characters are the percent sign (%) and the underscore (_). For example, a LIKE clause used to search for all customers whose last name starts with "Mc" would be written as "LIKE 'Mc%'". Without the wildcard character, the query would only return results for customers whose last name is exactly "Mc".
Key Benefits
- Increased security: Using LIKE clauses without wildcards can lead to potential security risks as it can allow attackers to bypass authentication checks.
- Reduced complexity: Using LIKE clauses with wildcards simplifies the code and makes it easier to read and understand.
- Improved performance: Using LIKE clauses without wildcards can result in slower query performance as the database engine has to search for more data.
Non-compliant Code Example
SELECT p.FirstName, p.LastName, ph.PhoneNumber
FROM Person.PersonPhone AS ph
INNER JOIN Person.Person AS p
ON ph.BusinessEntityID = p.BusinessEntityID
WHERE ph.PhoneNumber LIKE '4154856178' --Non compliant code (Like clause is used without wild cards)
ORDER by p.LastName;
Compliant Code Example
SELECT p.FirstName, p.LastName, ph.PhoneNumber
FROM Person.PersonPhone AS ph
INNER JOIN Person.Person AS p
ON ph.BusinessEntityID = p.BusinessEntityID
WHERE ph.PhoneNumber LIKE '415%' --Compliant code (Like clause is used with wild cards)
ORDER by p.LastName;