All Products
Search

This Product

    Data Management:SQL review

    Document Center

    Data Management:SQL review

    Last Updated:Mar 28, 2026

    SQL review acts as an automated gatekeeper in your database change workflow. Before SQL statements reach your production environment, DMS validates each one against your configured security rules and returns prioritized optimization suggestions. This keeps code quality consistent and reduces the risk of SQL injection attacks.

    During the development phase of a project, SQL statements are used to insert, delete, modify, and query data to implement business logic. Reviewing these statements manually — one by one — requires significant DBA effort and slows development velocity. For example, the following CREATE TABLE statement is missing a primary key, table comments, and field comments, which violates common database development standards:

    CREATE TABLE `test_sql_review_table` (
  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  `gmt_create` datetime NOT NULL,
  `name` varchar(256) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

    DMS automates this process through the SQL review feature, which integrates with the security rule module. You can customize SQL specifications in security rules — for example, requiring tables to have primary keys, or restricting the data type and number of primary key columns.

    Prerequisites

    Before you begin, ensure that you have:

    • A supported database type:

      • ApsaraDB RDS for MySQL, PolarDB for MySQL, AnalyticDB for MySQL, and MySQL databases that are not on Alibaba Cloud

      • ApsaraDB for MariaDB

      • PolarDB for Xscale

      • Oracle

      • PolarDB for PostgreSQL (Compatible with Oracle)

      • OceanBase

    • A database instance managed in Stable Change or Security Collaboration mode in DMS. For details, see Control modes.

    How it works

    When you submit a SQL Audit Ticket, DMS parses each SQL statement and checks it against the security rules configured for that database. Results are classified into four categories:

    • Must Improve — issues that must be fixed before the ticket can be approved

    • Potential Issue — issues that may cause problems and should be reviewed

    • Suggest Improve — optional optimizations that improve code quality

    • Index Recommendation — index changes that may improve query performance

    For details on configuring security rules, see SQL review optimization.

    Submit a SQL review ticket

    1. Log on to the DMS console V5.0.

    2. Navigate to the SQL Audit Ticket page:

      • In enhanced mode: Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner, then choose All Features > Database Development > SQL Review > SQL Audit Ticket.

      • In normal mode: In the top navigation bar, choose Database Development > SQL Review > SQL Audit Ticket.

    3. In the upper-right corner of the SQL ReviewTickets page, click SQL Review.

    4. On the Ticket Application page, configure the following parameters.

      ParameterDescription
      Project nameA name for this review project.
      DatabaseThe database to review SQL against. Enter the database name or use a percent sign (%) prefix to search. You must have query permissions on the database. For details, see View owned permissions.
      Business backgroundThe purpose or objective of the SQL review. Filling this in reduces back-and-forth communication with reviewers.
      Change stakeholderStakeholders involved in the review. All specified stakeholders can view the ticket details and participate in the approval process. Other users (except DMS administrators and database administrators (DBAs)) cannot view ticket details.
      FileHow to upload SQL files. Select Upload to attach one or more SQL files, or select Enter text to paste SQL statements directly. Supported formats: XML (iBATIS or MyBatis framework) and TXT. See Sample SQL files for examples.

    5. Click Save. DMS parses the uploaded SQL files and reviews each statement against the database's security rules.

    Review results and next steps

    After DMS completes the review, each ticket shows one of the following states.

    StateMeaningWhat to do
    PassedNo must-fix issues found. May include potential issues or suggestions.Click Details to view suggestions. Click Adjust SQL to edit statements if needed.
    FailedOne or more must-fix issues found.Click Details to view the issues. Click Adjust SQL to fix the statements, then resubmit.
    Approve or DisapproveThe SQL contains historical issues that cannot or do not need to be resolved, beyond the automated review results.In the Operation column, choose Manual Review > Approve or Manual Review > Disapprove.
    Parsing ExceptionDMS cannot parse one or more statements.Click Adjust SQL to correct the statements, then resubmit for precheck.
    Pending AnalysisStatements are queued for review.No action required. Wait for the review to complete.

    After reviewing and fixing any issues:

    1. In the Approval step, click Submit for Approval.

    2. A DMS administrator or DBA performs a final check.

    3. Once approved, the ticket is closed.

    If modified SQL statements still fail the check or cannot be parsed, an error message appears after you click Submit for Approval.

    Sample SQL files

    Download sample files to see the supported formats:

    What's next