7.2 Review Code
When reviewing code, first identify every dynamic SQL statement, that is, every place where SQL text is assembled at run time rather than written statically in the program. Here are some key indicators that dynamic SQL is in use:
Next, check that bind arguments are used in every instance where they are possible and practical. Where bind arguments cannot be used (for example, for identifiers such as table or column names, which cannot be supplied as bind values), make sure that the correct routines are used to filter and sanitize the input before it is placed in the statement text.
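The three review findings above, side by side, as an added example that is not part of the original page. It assumes the code under review is Oracle PL/SQL (the page does not name the platform); the EMPLOYEES table, its columns and the function names are hypothetical, chosen only to illustrate the review.

```sql
-- Added example, not from the original page. Assumes Oracle PL/SQL;
-- the EMPLOYEES table and all function names are hypothetical.

-- 1. What a reviewer should flag: the statement text is built by
--    concatenating caller input, so an argument such as
--    x' OR '1'='1  rewrites the WHERE clause instead of matching a name.
CREATE OR REPLACE FUNCTION count_emps_unsafe (p_last_name IN VARCHAR2)
  RETURN PLS_INTEGER
IS
  l_sql   VARCHAR2(4000);
  l_count PLS_INTEGER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM employees WHERE last_name = '''
           || p_last_name || '''';
  EXECUTE IMMEDIATE l_sql INTO l_count;
  RETURN l_count;
END;
/

-- 2. The same statement with a bind argument: the value is passed as
--    data through the USING clause, never spliced into the SQL text,
--    so no quoting or escaping of p_last_name is required.
CREATE OR REPLACE FUNCTION count_emps_bound (p_last_name IN VARCHAR2)
  RETURN PLS_INTEGER
IS
  l_count PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM employees WHERE last_name = :ln'
    INTO l_count USING p_last_name;
  RETURN l_count;
END;
/

-- 3. Where a bind is impossible (an identifier such as the table name
--    cannot be bound), the input must be validated before it enters the
--    statement text. DBMS_ASSERT.SIMPLE_SQL_NAME returns the input only if
--    it is a syntactically valid SQL identifier and raises ORA-44003
--    otherwise, so a value like  employees WHERE 1=1 --  is rejected.
CREATE OR REPLACE FUNCTION count_rows (p_table IN VARCHAR2)
  RETURN PLS_INTEGER
IS
  l_count PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
    INTO l_count;
  RETURN l_count;
END;
/
```

When reading a body of PL/SQL, searching for EXECUTE IMMEDIATE, OPEN ... FOR with a string expression, and DBMS_SQL.PARSE finds the dynamic statements; for each one, the review question is whether every caller-controlled value reaches the statement through a USING clause (case 2) and, if it cannot, whether it passes through a validation routine such as DBMS_ASSERT (case 3) rather than being concatenated directly (case 1).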