
SQL Keyword Delimit

Whitespace should be used to separate SQL keywords.

What does this mean?

Incorrectly constructed SQL is likely to cause problems at runtime. This rule raises an issue when the whitespace around SQL keywords appears to be missing.

What can happen?

The query is likely to fail with errors when it is executed.

Recommendation

Whitespace should be used to separate SQL keywords.

Sample Code

Vulnerable :

string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    "FROM person p" +  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE

Non Vulnerable :

string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    " FROM person p" +
    " WHERE p.id = @ID";

Vulnerable :

string query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    "FROM person p" +  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE

Non Vulnerable :

string query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    " FROM person p" +
    " WHERE p.id = @ID";

Vulnerable :

$query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    "FROM person p" +  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE

Non Vulnerable :

$query = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    " FROM person p" +
    " WHERE p.id = @ID";
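
The check this rule describes can be sketched as a small script that looks at each seam between concatenated string literals. This is an added example, not code from the original page or from any analyzer; the keyword list and the function names `literals` and `missing_delimiters` are assumptions made for illustration.

```python
import re

# SQL keywords checked at fragment seams (a constructed, non-exhaustive list).
KEYWORDS = {"SELECT", "FROM", "WHERE", "JOIN", "ON", "AND", "OR", "GROUP",
            "ORDER", "BY", "HAVING", "UNION", "INSERT", "INTO", "VALUES",
            "UPDATE", "SET", "DELETE", "LIMIT", "OFFSET"}

LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one double-quoted string literal
FIRST_WORD = re.compile(r"^\w+")              # word at the very start of a fragment
LAST_WORD = re.compile(r"\w+$")               # word at the very end of a fragment


def literals(source):
    """Return the string literals of a concatenation in order.

    Trailing // comments are dropped first; this simple split assumes the
    literals themselves contain no "//".
    """
    code = "\n".join(line.split("//")[0] for line in source.splitlines())
    return LITERAL.findall(code)


def missing_delimiters(fragments):
    """Return the fused token at every seam where a keyword lacks whitespace."""
    findings = []
    for left, right in zip(fragments, fragments[1:]):
        tail, head = LAST_WORD.search(left), FIRST_WORD.search(right)
        if not tail or not head:
            continue  # whitespace or punctuation already separates the tokens
        if {tail.group().upper(), head.group().upper()} & KEYWORDS:
            findings.append(tail.group() + head.group())
    return findings


# The page's two forms of the same statement, embedded as sample input.
NONCOMPLIANT = '''
string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    "FROM person p" +  // Noncompliant; concatenates to: p.zipFROM
    "WHERE p.id = @ID";  // Noncompliant; concatenates to: pWHERE
'''
COMPLIANT = '''
string select = "SELECT p.fname, p.lname, p.street1, p.street2, p.city, p.state, p.zip" +
    " FROM person p" +
    " WHERE p.id = @ID";
'''

if __name__ == "__main__":
    print(missing_delimiters(literals(NONCOMPLIANT)))
    print(missing_delimiters(literals(COMPLIANT)))
```

A seam where punctuation already separates the tokens, such as a fragment ending in `)`, is not reported by this sketch.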
