Using Parameters for SQL Server Queries and Stored Procedures

https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlcommand.parameters?view=netframework-4.8

https://www.mssqltips.com/sqlservertip/2981/using-parameters-for-sql-server-queries-and-stored-procedures/

https://stackoverflow.com/questions/45064204/c-sharp-sql-server-add-parameter-to-query

https://csharp-station.com/Tutorial/AdoDotNet/Lesson06

Visual Studio Code Analysis 

  • Analyze code to see the report & suppress messages
  • Review SQL queries for security vulnerabilities: Using parameters in SQL Queries + Stored Procedure
  • Analysis Code
  • How to find unused code
  • How to find redundant code
  • How to find duplicate code

List of tools for static code analysis

ReSharper: https://www.jetbrains.com/resharper/ (ReSharper makes Visual Studio a much better IDE - Code analysis, Refactorings, Navigation and search, Code generation)

ReSharper CommandLineTools (GOOD)

SonarSource: https://www.sonarsource.com/ (Continuous Code Quality - We solve problems that virtually every company developing software is facing)

  • Axivion Bauhaus Suite – A static code analysis tool suite for Ada, C, C++, C#, and Java code that performs various analyses such as architecture checking, interface analyses, MISRA checking, and clone detection.
  • Code Dx – Software application vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Supports C, C++, C#, Java, JavaScript, JSP, PHP, Python, Rails, Ruby, Scala, VB.NET and XML/XSL.
  • ConQAT – Continuous quality assessment toolkit that allows flexible configuration of quality analyses (architecture conformance, clone detection, quality metrics, etc.) and dashboards. Supports Java, C#, C++, JavaScript, ABAP, Ada and many other languages.
  • Coverity – A static analysis tool for C, C++, C#, Objective-C, Java, JavaScript, Node.js, Ruby, PHP, and Python.

  • Micro Focus Enterprise Analyzer and COBOL Analyzer. Static code analysis and visualization tools for legacy and mainframe applications. Analyze code in different languages including COBOL, PL/I, Natural, RPG, Java, Assembler, Easytrieve, VB, C/C++, PL/SQL, C#, VB.NET, KornShell, Job schedulers and more.
  • SonarQube – A continuous inspection engine that finds vulnerabilities, bugs and code smells. Also tracks code complexity, unit test coverage and duplication. Supported languages: ABAP, Android (Java), C, C++, CSS, Objective-C, COBOL, C#, Flex, Forms, Groovy, Java, JavaScript, Natural, PHP, PL/SQL, Swift, Visual Basic 6, Web, XML, Python, Ruby, Go, Scala, Kotlin, Apex.
  • Parasoft dotTEST – A static analysis, unit testing, and code review plugin for Visual Studio; works with languages for Microsoft .NET Framework and .NET Compact Framework, including C#, VB.NET, ASP.NET and Managed C++.
  • Sonargraph – Supports C#, Java and C/C++ with a focus on dependency analysis, automated architecture check, metrics and the ability to add custom metrics and code-checkers.