Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Code Correctness: Erroneous Null Comparison
Abstract
The expressions x = NULL and x != NULL will always be false.
Explanation
In PL/SQL, the value of NULL is indeterminate. It is not equal to anything, not even another NULL value. Also, a null value is never not equal to another value.
Example 1: The following statement will always be false.
checkNull BOOLEAN := x = NULL;
Example 2: The following statement will always be false.
checkNotNull BOOLEAN := x != NULL;
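As an added example that is not part of the original page: the erroneous != NULL guard beside the IS NOT NULL form that should replace it, evaluated over constructed sample inputs so the three-valued result is visible. The names v_inputs, has_user_wrong, has_user_right and bool_text are assumed for illustration.

```plsql
-- Added example, not from the original page. Names (has_user_wrong,
-- has_user_right, bool_text, v_inputs) are assumed for illustration.
-- Run with SET SERVEROUTPUT ON in SQL*Plus or SQLcl.
DECLARE
  -- Erroneous guard: p_user != NULL evaluates to NULL (unknown) for
  -- every input, so it can never be TRUE.
  FUNCTION has_user_wrong(p_user VARCHAR2) RETURN BOOLEAN IS
  BEGIN
    RETURN p_user != NULL;
  END;

  -- Correct guard: IS NOT NULL is the only test that sees a null value.
  FUNCTION has_user_right(p_user VARCHAR2) RETURN BOOLEAN IS
  BEGIN
    RETURN p_user IS NOT NULL;
  END;

  -- Render a three-valued BOOLEAN (TRUE / FALSE / NULL) as text.
  FUNCTION bool_text(p BOOLEAN) RETURN VARCHAR2 IS
  BEGIN
    IF p IS NULL THEN RETURN 'NULL';
    ELSIF p THEN RETURN 'TRUE';
    ELSE RETURN 'FALSE';
    END IF;
  END;

  -- Constructed sample inputs: one present value and one missing value.
  TYPE t_inputs IS TABLE OF VARCHAR2(30);
  v_inputs t_inputs := t_inputs('alice', NULL);
BEGIN
  FOR i IN 1 .. v_inputs.COUNT LOOP
    DBMS_OUTPUT.PUT_LINE(
      'input=' || NVL(v_inputs(i), '<null>')
      || '  != NULL -> '     || bool_text(has_user_wrong(v_inputs(i)))
      || '  IS NOT NULL -> ' || bool_text(has_user_right(v_inputs(i))));
  END LOOP;

  -- Control-flow consequence: a NULL condition behaves like FALSE in IF,
  -- so the erroneous guard takes the ELSE path for every input and cannot
  -- tell a supplied value from a missing one.
  IF has_user_wrong('alice') THEN
    DBMS_OUTPUT.PUT_LINE('never printed: != NULL is never TRUE');
  END IF;
  IF has_user_right('alice') THEN
    DBMS_OUTPUT.PUT_LINE('printed: IS NOT NULL reports the value');
  END IF;
END;
/
```

The loop prints NULL for the != NULL column on both inputs, while the IS NOT NULL column prints TRUE for 'alice' and FALSE for the missing value.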
References
[1] Steven Feuerstein, Oracle PL/SQL Best Practices, O'Reilly
[2] Standards Mapping - Common Weakness Enumeration: CWE ID 480
desc.structural.sql.code_correctness_erroneous_null_comparison_plsql