,

CR0003: Non-ISO standard comparison operator found

Message

Non-ISO standard comparison operator found

Description

It is advisable to use ISO standard comparison operators instead of non-ISO standard operators to help ensure optimal cross-platform and future version compatibility.

  • Not equal to: Use <> instead of !=
  • Greater than or equal to: Use >= instead of !<
  • Less than or equal to: Use <= instead of !>

While it is currently acceptable to use such non-ISO operators, you should consider that statements that you create might not be supported on other ISO-compliant database management systems.

Also, non-ISO standard comparison operators may not be supported on future versions of SQL Server.

Author

Phil Streiff

Example

-- Test Case 1: The violation should be reported
SELECT Column1 FROM Table1 WHERE Column1 != 1
-- Test Case 2: The violation should be reported
SELECT Column1 FROM Table1 WHERE Column1 !< 1
-- Test Case 3: The violation should be reported
SELECT Column1 FROM Table1 WHERE Column1 !> 1

-- Test Case 4: A violation should not be reported
SELECT Column1 FROM Table1 WHERE Column1 <> 1
-- Test Case 5: A violation should not be reported
SELECT Column1 FROM Table1 WHERE Column1 >= 1
-- Test Case 6: A violation should no be reported
SELECT Column1 FROM Table1 WHERE Column1 <= 1

Download and try the CR0003 analysis rule.

,

CR0002: Avoid altering security within stored procedures

Message

Avoid altering security within stored procedures

Description

The rule checks and alerts for usage of GRANT, REVOKE, or DENY statements within the body of a stored procedure.
Avoid altering security within stored procedures, functions, and triggers. This can lead to unnecessary database calls, or it can hinder troubleshooting security permissions.

Author

Jeff Foushee

Example

CREATE PROCEDURE testsp_CR0002 (
    @Code VARCHAR(30) = NULL
)
AS

BEGIN
    IF @Code IS NULL
        SELECT * FROM Table1
    ELSE
        SELECT * FROM Table1 WHERE Code like @Code + '%'

    UPDATE MyTable SET Col1 = 'myvalue'

    BEGIN TRAN
        GRANT EXEC ON testsp_CR0002 to myuser
    COMMIT TRAN

    GRANT EXEC ON testsp_CR0002 to myuser  --IGNORE:CR0002

    REVOKE SELECT ON dbo.Table1 TO myuser

    DENY EXECUTE ON testsp_CR0002 to myuser

END

-- this is fine because it is outside of the stored procedure
GRANT EXEC ON testsp_CR0002 to myuser  

Download and try the CR0002 analysis rule.

,

CR0001: TOP (100) PERCENT

Message

TOP (100) PERCENT found

Description

This rule checks for the phrase “TOP (100) PERCENT”.
This phrase has no bearing unless the percentage is less than 100.
This phrase is commonly generated by creating a view in the SQL Server View Designer.

Author

Jeff Foushee

Example

SELECT TOP 100 PERCENT
LastName, FirstName, JobTitle, Department
FROM       HumanResources.vEmployeeDepartment
ORDER BY LastName ASC

 

Download and try the CR0001 analysis rule.