Code Reviews
API Design
- Query string parameters and form variables validated
- Client input validated on the server
- Text input fields set to reasonable lengths
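As an added example (not part of the original checklist), a server-side validator for query-string and form input that applies an allow-list of parameter names, type checks and length limits; the endpoint and its parameter names are assumed.

```python
from urllib.parse import parse_qs

# Allow-list of accepted parameters with their type and length/range limits.
# Assumed spec for a hypothetical search endpoint and comment form; the
# checklist names no endpoint, so these names and limits are constructed.
QUERY_SPEC = {
    "q":    {"type": "str", "max_len": 100},
    "page": {"type": "int", "min": 1, "max": 1000},
}
FORM_SPEC = {
    "display_name": {"type": "str", "max_len": 50},
    "comment":      {"type": "str", "max_len": 500},
}


def validate(raw: str, spec: dict) -> tuple[dict, list[str]]:
    """Parse an application/x-www-form-urlencoded string (query string or
    form body) and validate every field on the server. Returns (clean, errors);
    a non-empty errors list means the request is rejected regardless of any
    checks the browser already performed."""
    clean, errors = {}, []
    fields = parse_qs(raw, keep_blank_values=True)
    # Unknown parameters are reported, not silently dropped.
    for name in fields:
        if name not in spec:
            errors.append(f"unexpected parameter: {name}")
    for name, rule in spec.items():
        values = fields.get(name)
        if not values:
            errors.append(f"missing parameter: {name}")
            continue
        if len(values) != 1:
            errors.append(f"duplicate parameter: {name}")
            continue
        value = values[0]
        if rule["type"] == "int":
            if not value.isdigit():
                errors.append(f"{name} must be an integer")
                continue
            n = int(value)
            if not rule["min"] <= n <= rule["max"]:
                errors.append(f"{name} out of range")
                continue
            clean[name] = n
        else:
            # Length limit keeps oversized text out of storage and downstream code.
            value = value.strip()
            if not value or len(value) > rule["max_len"]:
                errors.append(f"{name} must be 1-{rule['max_len']} chars")
                continue
            clean[name] = value
    return clean, errors
```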
Code Structure
- Variables not reused within a method
- Methods and statements kept to a reasonable length
- Methods perform a single logical operation
- Named constants used instead of “magic” numbers
- Public properties used to access class fields
- Loops and/or flow control not used excessively within a method
- StringBuilder used instead of excessive string concatenation
- Unnecessary code repetition identified and addressed (if blocks of code are nearly copy-pasted, make a function)
- Commented-out code removed unless it serves a purpose (if kept, add a comment stating that purpose)
Database
- Database transactions used for logical units of work
- Naming conventions followed for database objects
- Stored procedures and views use explicit column names
- Check for inefficient algorithms or resource-intensive operations such as database calls (run the SQL Profiler)
Error Handling
- Confirm that code handles errors gracefully and provides meaningful error messages
- No ignored exceptions unless commented with justification
- All unhandled exceptions logged in EATTS
- Exceptions not used for common or expected conditions
Naming
- Descriptive names used for classes, methods, properties, and fields
- Names (variables, classes, etc.) self-documenting
Work Management
- TODO statements removed or handled, or commented with why they can wait for a later release