UPDATE statement with no WHERE clause
Part of Code Quality & Syntax, which counts for 20% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.
What it detects
An UPDATE statement has no WHERE clause anywhere before its terminating semicolon, so it rewrites every row in the table. This is almost always an accidental omission rather than an intended bulk update.
Why it matters
An UPDATE with no WHERE clause rewrites every row in the table the moment it runs. In a migration this typically runs unattended in CI/CD or during deploy, so there is no interactive prompt to catch the mistake before it hits production data. Recovering from it means restoring from a backup, if one exists and is recent enough.
How to fix it
Add a WHERE clause that scopes the statement to the rows you actually intend to change. If every row genuinely needs the same update, make that explicit with a comment and a safety check (for example a row-count assertion before and after) so a reviewer can tell it was intentional rather than a forgotten clause.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo