Home

LIKE clauses should not be used without wildcards

Description

    The rule "LIKE clauses should not be used without wildcards" in PL/SQL code means that when using the LIKE operator, it should always be accompanied by a wildcard character. Wildcard characters are used to create patterns in strings and can be used in conjunction with the LIKE operator to search for strings that match the pattern. For example, if you wanted to search for all strings that start with the letter "A", you would use the LIKE operator with the wildcard character "%A". Without the wildcard character, the LIKE operator would only search for strings that are exactly "A".

Key Benefits

  • Improved security: LIKE clauses should not be used without wildcards as they can open up potential security risks, such as exposing sensitive data to malicious actors.
  • Increased performance: Wildcards help to narrow down search results and reduce the amount of time required to process a query, improving the overall performance of the system.
  • More accurate results: Wildcards can help to ensure that the right results are returned, as they allow for a more precise search.

 

Non-compliant Code Example

SELECT
    NAME,
    ADDRESS,
    CREDIT_LIMIT
FROM
    CUSTOMERS
Where ADDRESS like 'BUNGALOWS';          --Non compliant code (Like clause used without wild-cards)

Compliant Code Example

SELECT
    NAME,
    ADDRESS,
    CREDIT_LIMIT
FROM
    CUSTOMERS
Where ADDRESS like '%BUNGALOWS%';       --Compliant code (Like clause used with wild-cards)
Visual Expert 2023
 VEPLSQLRULE35