Code Review
(Don't review for longer than 1 hour per session)
- All unused "usings" are removed.
- Code is separated into the correct layers (Presentation, Business, Data Layer).
- Usage of the 'out' and 'ref' keywords is avoided, as recommended by Microsoft.
- Proper implementation of exception handling (try/catch and finally blocks) and logging of exceptions.
- Comments are on top of all methods to describe their usage, expected input types and return type information.
- Make sure there aren't any "Magic Numbers" in the code. Make constants for these.
- Sensitive information and passwords are encrypted.
- All input data is sanitized (especially user input, or exposed web service methods).
- Confirm all database queries are using our most current accepted way of querying the database.
- Confirm resources are disposed of when no longer needed (file handles released when not needed, etc.).
- The code checks for "null" whenever applicable.
- Code fragments are not duplicated when they could be pulled out into a common method/procedure (Don't Repeat Yourself). Look for copy/pasted code as a red flag.
- Make sure reused values have one place where they can be changed (Single Point Of Control).
- Code is understandable and easily readable (are comments needed? are method names confusing? are variable names misleading?).
- Similar values are put into Enums (status flags, activity types, actions, etc.).
- Check the database isn't queried more than necessary (be suspicious of For Loops).
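As an added illustration (not part of the original checklist), the data-layer method below shows what several of the items look like when they pass review at once: method comments, named constants instead of magic numbers, a null/length check on user input, a parameterized query instead of string concatenation, `using` for disposal, and exception logging. It assumes the Microsoft.Data.SqlClient and Microsoft.Extensions.Logging packages and a constructed `Accounts(AccountId, UserName)` table.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Logging;

public sealed class AccountRepository
{
    // Named constants instead of magic numbers scattered through the method.
    private const int MaxUserNameLength = 64;
    private const int CommandTimeoutSeconds = 30;

    private readonly string _connectionString;
    private readonly ILogger<AccountRepository> _logger;

    public AccountRepository(string connectionString, ILogger<AccountRepository> logger)
    {
        _connectionString = connectionString ?? throw new ArgumentNullException(nameof(connectionString));
        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
    }

    /// <summary>Looks up the account id for a login name (assumed table: Accounts).</summary>
    /// <param name="userName">User-supplied login name; validated before use.</param>
    /// <returns>The account id, or null when no row matched.</returns>
    public int? FindAccountId(string userName)
    {
        // Null/length check on user input before it reaches the database.
        if (string.IsNullOrWhiteSpace(userName) || userName.Length > MaxUserNameLength)
            throw new ArgumentException("Invalid user name.", nameof(userName));
        try
        {
            // 'using' disposes the connection and command even when an exception is thrown.
            using var connection = new SqlConnection(_connectionString);
            using var command = connection.CreateCommand();
            command.CommandTimeout = CommandTimeoutSeconds;
            // Parameterized query: the input is bound as data, never concatenated into the SQL text.
            command.CommandText = "SELECT AccountId FROM Accounts WHERE UserName = @userName";
            command.Parameters.Add("@userName", SqlDbType.NVarChar, MaxUserNameLength).Value = userName;
            connection.Open();
            object result = command.ExecuteScalar();
            return result is null || result is DBNull ? null : (int?)Convert.ToInt32(result);
        }
        catch (SqlException ex)
        {
            // Log with context, then rethrow so the caller decides how to handle the failure.
            _logger.LogError(ex, "Account lookup failed for user {UserName}", userName);
            throw;
        }
    }
}
```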