SQL Keyword Delimit
Whitespace should be used to separate SQL keywords.
What does this mean?
SQL that is incorrectly constructed is likely to fail at runtime. This rule raises an issue when the whitespace around SQL keywords appears to be missing, which typically happens when a statement is built by concatenating string literals.
What can happen?
The statement is likely to fail with an error when it is executed.
Recommendation
Whitespace should be used to separate SQL keywords.
Sample Code
Vulnerable:
string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
"FROM person p" + // Noncompliant; concatenates to: p.zipFROM
"WHERE p.id = @ID"; // Noncompliant; concatenates to: pWHERE
Non Vulnerable:
string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
" FROM person p" +
" WHERE p.id = @ID";
Vulnerable:
string query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
"FROM person p" + // Noncompliant; concatenates to: p.zipFROM
"WHERE p.id = @ID"; // Noncompliant; concatenates to: pWHERE
Non Vulnerable:
string query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
" FROM person p" +
" WHERE p.id = @ID";
Vulnerable:
$query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" .
"FROM person p" . // Noncompliant; concatenates to: p.zipFROM
"WHERE p.id = @ID"; // Noncompliant; concatenates to: pWHERE
Non Vulnerable:
$query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" .
" FROM person p" .
" WHERE p.id = @ID";
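The check this rule describes can be sketched as a small script that inspects the boundaries between concatenated literals. This is an added example, not the rule's own implementation; the function name `find_fused_keywords` and the keyword list are assumptions, and the input is constructed from the samples above.

```python
import re

# Assumed, non-exhaustive keyword list; extend it for the SQL dialect in use.
KEYWORDS = ("SELECT", "FROM", "WHERE", "JOIN", "INNER", "LEFT", "RIGHT", "ON",
            "AND", "OR", "GROUP", "ORDER", "HAVING", "UNION", "SET", "VALUES",
            "INTO", "LIMIT")
_ALT = "|".join(KEYWORDS)
_STARTS_WITH_KW = re.compile(r"(?:%s)\b" % _ALT, re.IGNORECASE)
_ENDS_WITH_KW = re.compile(r"\b(?:%s)$" % _ALT, re.IGNORECASE)


def _is_word(ch):
    return ch.isalnum() or ch == "_"


def find_fused_keywords(fragments):
    """Return (index_of_left_fragment, fused_token) for every concatenation
    boundary where a SQL keyword is glued to the neighbouring token."""
    findings = []
    parts = [(i, f) for i, f in enumerate(fragments) if f]  # "" adds nothing
    for (i, left), (_, right) in zip(parts, parts[1:]):
        # Tokens only fuse when both characters at the boundary are word chars.
        if not (_is_word(left[-1]) and _is_word(right[0])):
            continue
        if _STARTS_WITH_KW.match(right) or _ENDS_WITH_KW.search(left):
            findings.append((i, left.split()[-1] + right.split()[0]))
    return findings


# Constructed input: the literals from the samples above, in concatenation order.
NONCOMPLIANT = [
    "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip",
    "FROM person p",
    "WHERE p.id = @ID",
]
COMPLIANT = [
    "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip",
    " FROM person p",
    " WHERE p.id = @ID",
]

if __name__ == "__main__":
    for idx, fused in find_fused_keywords(NONCOMPLIANT):
        print("fragment %d: keyword fused into %r" % (idx, fused))
    print("compliant findings:", find_fused_keywords(COMPLIANT))
```

Fragments that end in punctuation such as a comma are not reported, because the boundary still tokenizes correctly without a space.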