Home
LIKE clauses should not start with wildcard characters
Description
The rule "LIKE clauses should not start with wildcard characters" means that when using the LIKE clause in SQL Server, wildcard characters such as % and _ should not be used as the first character in the clause. This is because wildcards are used to match any character or string of characters, so starting with one will cause the query to return too many results. This can cause performance issues and make it difficult to interpret the results.
Key Benefits
- Increased Performance: By not starting LIKE clauses with wildcard characters, query processing time can be reduced significantly.
- Improved Security: Wildcard characters can be used to bypass security checks and access confidential data.
- Easier Maintenance: By following this rule, queries can be more easily maintained and modified.
Non-compliant Code Example
SELECT p.FirstName, p.LastName, ph.PhoneNumber
FROM Person.PersonPhone AS ph
INNER JOIN Person.Person AS p
ON ph.BusinessEntityID = p.BusinessEntityID
WHERE ph.PhoneNumber LIKE '%415' --Non compliant code (Like clause is starting with wild cards)
ORDER by p.LastName;
Compliant Code Example
SELECT p.FirstName, p.LastName, ph.PhoneNumber
FROM Person.PersonPhone AS ph
INNER JOIN Person.Person AS p
ON ph.BusinessEntityID = p.BusinessEntityID
WHERE ph.PhoneNumber LIKE '415%' --Compliant code (Like clause is not starting with wild cards)
ORDER by p.LastName;