
SQL Keyword Delimit

SQL keywords should be delimited by whitespace

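What does this mean?

Badly formed SQL is likely to cause errors at runtime. This rule raises an issue when the spacing around SQL keywords appears to be missing, which typically happens when a statement is built by concatenating string literals and no space is left where two fragments meet.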

What can happen?

Errors are likely to occur at runtime.

Recommendation

SQL keywords should be delimited by whitespace.
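One way such a check can work, added here as an example and not the analyzer's own implementation: it inspects each seam between concatenated literals and reports where a keyword fuses with the neighbouring word. The function name, the keyword subset and the constructed fragments (modelled on this page's sample query) are assumptions made for the illustration.

```python
import re

# Illustrative subset of keywords (assumption); a production rule would carry a fuller list.
SQL_KEYWORDS = frozenset(
    "SELECT FROM WHERE JOIN INNER LEFT RIGHT ON AND OR GROUP ORDER BY HAVING "
    "UNION INSERT INTO VALUES UPDATE SET DELETE LIMIT".split()
)

_TAIL = re.compile(r"[\w.@]+$")   # token touching the end of a fragment
_HEAD = re.compile(r"[\w.@]+")    # token touching the start of a fragment


def glued_keywords(fragments):
    """Return (seam_index, fused_token) for each seam where a SQL keyword
    is concatenated directly onto a neighbouring word.

    seam_index i is the join between fragments[i] and the next non-empty
    fragment.
    """
    findings = []
    # Empty literals contribute nothing to the final string, so skip them
    # while remembering the original positions.
    parts = [(i, f) for i, f in enumerate(fragments) if f]
    for (i, left), (_, right) in zip(parts, parts[1:]):
        # Only a word character on both sides of the seam fuses two tokens;
        # whitespace, commas, parentheses or operators still separate them.
        if not (re.match(r"\w", left[-1]) and re.match(r"\w", right[0])):
            continue
        tail = _TAIL.search(left).group()
        head = _HEAD.match(right).group()
        last_word = tail.rsplit(".", 1)[-1].upper()
        first_word = head.split(".", 1)[0].upper()
        if last_word in SQL_KEYWORDS or first_word in SQL_KEYWORDS:
            findings.append((i, tail + head))
    return findings


# Constructed inputs modelled on the page's sample query.
NONCOMPLIANT = [
    "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip",
    "FROM person p",
    "WHERE p.id = @ID",
]
COMPLIANT = [NONCOMPLIANT[0], " FROM person p", " WHERE p.id = @ID"]

if __name__ == "__main__":
    for seam, token in glued_keywords(NONCOMPLIANT):
        print(f"seam {seam}: fragments concatenate to '{token}'")
```

A seam such as "SELECT *" followed by "FROM t" is not reported, because the asterisk still separates the two tokens.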

Sample Code

Vulnerable:

string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    "FROM person p" +  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE

Non-vulnerable:

string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    " FROM person p" +
    " WHERE p.id = @ID";

Vulnerable:

string query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    "FROM person p" +  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE

Non-vulnerable:

string query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    " FROM person p" +
    " WHERE p.id = @ID";

Vulnerable:

$query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" .
    "FROM person p" .  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE

Non-vulnerable:

$query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" .
    " FROM person p" .
    " WHERE p.id = @ID";
