Home
@@IDENTITY should not be used
Description
The code rule "@@IDENTITY should not be used" states that the global variable @@IDENTITY should not be used in SQL Server code. This variable is often used to retrieve the last identity value generated in the current session, but it can be unreliable and lead to unexpected results. Instead, the SCOPE_IDENTITY() function should be used to retrieve the last identity value generated in the current scope.
Key Benefits
- No Data Leakage: @@IDENTITY should not be used as it can lead to data leakage.
- Secure Connections: @@IDENTITY should not be used as it can lead to insecure connections.
- Increased Performance: @@IDENTITY should not be used as it can lead to decreased performance.
- Improved Security: @@IDENTITY should not be used as it can lead to improved security
Non-compliant Code Example
Declare @id INT;
SET @id = @@IDENTITY --Non compliant code
Compliant Code Example
Declare @id INT;
SET @id = SCOPE_IDENTITY() --Compliant code