Home

Description

The rule "LIKE clauses should not start with wildcard characters" means that when using the LIKE clause in SQL Server, wildcard characters such as % and _ should not be used as the first character in the clause. This is because wildcards are used to match any character or string of characters, so starting with one will cause the query to return too many results. This can cause performance issues and make it difficult to interpret the results.

Key Benefits

• Increased Performance: By not starting LIKE clauses with wildcard characters, query processing time can be reduced significantly.
• Improved Security: Wildcard characters can be used to bypass security checks and access confidential data.
• Easier Maintenance: By following this rule, queries can be more easily maintained and modified.

Non-compliant Code Example

SELECT p.FirstName, p.LastName, ph.PhoneNumber  
FROM Person.PersonPhone AS ph  
INNER JOIN Person.Person AS p  
ON ph.BusinessEntityID = p.BusinessEntityID  
WHERE ph.PhoneNumber LIKE '%415'   --Non compliant code (Like clause is starting with wild cards)
ORDER by p.LastName;

Compliant Code Example

SELECT p.FirstName, p.LastName, ph.PhoneNumber  
FROM Person.PersonPhone AS ph  
INNER JOIN Person.Person AS p  
ON ph.BusinessEntityID = p.BusinessEntityID  
WHERE ph.PhoneNumber LIKE '415%'   --Compliant code (Like clause is not starting with wild cards)
ORDER by p.LastName;