Home

@@IDENTITY should not be used

Description

    The code rule "@@IDENTITY should not be used" states that the global variable @@IDENTITY should not be used in SQL Server code. This variable is often used to retrieve the last identity value generated in the current session, but it can be unreliable and lead to unexpected results. Instead, the SCOPE_IDENTITY() function should be used to retrieve the last identity value generated in the current scope.

Key Benefits

  • No Data Leakage: @@IDENTITY should not be used as it can lead to data leakage.
  • Secure Connections: @@IDENTITY should not be used as it can lead to insecure connections.
  • Increased Performance: @@IDENTITY should not be used as it can lead to decreased performance.
  • Improved Security: @@IDENTITY should not be used as it can lead to improved security

 

Non-compliant Code Example

Declare @id INT;
SET @id = @@IDENTITY    --Non compliant code

Compliant Code Example

Declare @id INT;
SET @id = SCOPE_IDENTITY()    --Compliant code
Visual Expert 2024
 VETSQLRULE26