Avoid using dynamic queries

Production Risk, Software Resiliency, Programming Best Practices



This code insight flags dynamic queries, which are difficult to test and make the code harder to understand. Moreover, including dynamic code in UI components can create security issues if the content of the dynamic clauses is not filtered properly.


Why you should care

Avoid dynamic coding as much as possible, and check that any dynamic content is filtered properly.
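The difference between a dynamic query and a filtered one, as an added example that is not CAST's own code or rule implementation. It assumes Python with an in-memory SQLite database; the table, column and function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("o'neil", "user")])
    return db

def find_dynamic(db, name, sort_col):
    # Dynamic query: UI values are concatenated into the SQL text, so the
    # statement that actually runs depends on the data it receives.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY " + sort_col
    return [row[0] for row in db.execute(sql)]

# Allow-list for the one clause that cannot be passed as a bound parameter.
SORTABLE = {"id", "name", "role"}

def find_static(db, name, sort_col):
    # Values are bound as parameters. Identifiers cannot be bound, so the
    # dynamic ORDER BY column is filtered against a fixed allow-list.
    if sort_col not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % sort_col)
    sql = "SELECT name FROM users WHERE name = ? ORDER BY " + sort_col
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name, sort_col="name"):
    # Run both variants on the same input and return (dynamic, static) results.
    db = make_db()
    try:
        dynamic = find_dynamic(db, name, sort_col)
    except sqlite3.Error as exc:
        dynamic = "error: " + type(exc).__name__
    return dynamic, find_static(db, name, sort_col)

if __name__ == "__main__":
    # Constructed inputs: a plain value, a legitimate name containing a quote,
    # and a value whose content rewrites the WHERE clause of the dynamic query.
    for value in ["bob", "o'neil", "x' OR '1'='1"]:
        print(repr(value), compare(value))
```

The three inputs also show why the dynamic form is hard to test: the same function runs three structurally different statements, one of which fails on a legitimate name.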

Business Impacts

Having the RETURN statement in the middle of the command makes the rest of the code unproductive. Lack of a RETURN statement would cause the code to function improperly and result in a loss of time.

Production Risk

CAST recommendations




About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has built unique knowledge of software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and on community standards for programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate the health factors of software.
