software composition analysis
Product
SAST
Catch vulnerabilities as you develop DAST
Test live web applications like an attacker SCA
Secure open-source and supply chain MAST
Secure mobile apps from code to store Compliance
Align with standards while shipping secure code
Resources
Vulnerability database Healthy Package
Blog News
Documentation
Pricing Partners About Us Log In
software composition analysis

T-SQL : Incorrect comparison with NULL

Classification

CWE CWE-480 CWE-754

Overview

The application performs incorrect comparison to NULL using =, !=, or <>. In the ANSI SQL standard, the value of NULL is defined as unknown. It is not equal to anything, not even another NULL value. Also, a null value is never not equal to another value. By default, T-SQL complies to the standard, but it can be changed using the SET ANSI_NULLS OFF command. It is recommended to make all T-SQL code ANSI compliant.

References

  1. CWE-480: Use of Incorrect Operator
  2. Null Values - msdn.microsoft.com

See also

T-SQL : Date conversion
T-SQL : Null encryption key
T-SQL : SQL injection