C# Code Analysis CA2000

Question

I have a function which I thought I had fixed the CA2000 warning in Code Analysis for, but it just won't go away. The warning is on SqlCommand. Here's the function:

protected internal void LogUserSession(int? managerID)
{
    using (var sqlCommand = new SqlCommand())
    {
        sqlCommand.SetCommand("usp_UserActivity_Create");

        SqlParameter prmSessionID = new SqlParameter();
        prmSessionID.ParameterName = "@sessionID";
        prmSessionID.Direction = ParameterDirection.Input;
        prmSessionID.SqlDbType = SqlDbType.VarChar;
        prmSessionID.Size = 32;
        prmSessionID.SetValue(SessionID);

        SqlParameter prmUsername = new SqlParameter();
        prmUsername.ParameterName = "@username";
        prmUsername.Direction = ParameterDirection.Input;
        prmUsername.SqlDbType = SqlDbType.VarChar;
        prmUsername.Size = 32;
        prmUsername.SetValue(Username);

        SqlParameter prmLoginID = new SqlParameter();
        prmLoginID.ParameterName = "@loginID";
        prmLoginID.Direction = ParameterDirection.Output;
        prmLoginID.SqlDbType = SqlDbType.Int;

        sqlCommand.Parameters.Add(prmSessionID);
        sqlCommand.Parameters.Add(prmUsername);
        sqlCommand.Parameters.Add(prmLoginID);

        using (sqlCommand.Connection = new SqlConnection(ConnectionStrings.MainApp))
        {
            sqlCommand.Connection.Open();
            sqlCommand.ExecuteNonQueryTryCatch();

            if (prmLoginID.Value != DBNull.Value) LoginID = Convert.ToInt32(prmLoginID.Value);
        }
    }
}

I have another function that to me looks no different but does not have a CA2000 warning associated to it. Here's that function:

public static bool IsAvailable(string username)
        {
            using (var sqlCommand = new SqlCommand())
            {
                sqlCommand.SetCommand("usp_UsernameIsAvailable");

                var prmUsername = new SqlParameter();
                prmUsername.ParameterName = "@username";
                prmUsername.Direction = ParameterDirection.Input;
                prmUsername.SqlDbType = SqlDbType.VarChar;
                prmUsername.Size = 32;
                prmUsername.SetValue(username);

                var prmReturnValue = new SqlParameter();
                prmReturnValue.ParameterName = "@returnValue";
                prmReturnValue.Direction = ParameterDirection.ReturnValue;
                prmReturnValue.SqlDbType = SqlDbType.Bit;

                sqlCommand.Parameters.Add(prmUsername);
                sqlCommand.Parameters.Add(prmReturnValue);

                using (sqlCommand.Connection = new SqlConnection(ConnectionStrings.ComplianceApps))
                {
                    sqlCommand.Connection.Open();
                    sqlCommand.ExecuteNonQueryTryCatch();

                    return Convert.ToBoolean(prmReturnValue.Value);
                }
            }
        }

I don't understand what's going on here and what I need to do to fix it.

Answer 1

The CA2000 warning is notorious for causing false positives. One of the things it does is when it finds more than 16 possible locations that can throw an exception, it just stops looking and flags the CA warning.

A very similar question with a response from Microsoft can be found here: http://social.msdn.microsoft.com/Forums/en-US/vstscode/thread/90f993a3-6bdf-4b62-9982-9247a655406d/

Connect bug tracking this issue: https://connect.microsoft.com/VisualStudio/feedback/details/725836/warning-ca2000-is-fired-on-a-sqlcommand-with-many-sqlparameters#details