I am using .NET 3.5, and looking at old code done by someone else and trying to add security and update it.
What are the best practices for accessing data in a web forms project?
Currently I am changing the code to use SQL parameterization, like so:
using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings[ConfigurationManager.AppSettings["defaultConnection"]].ConnectionString))
{
    using (SqlCommand myCommand = new SqlCommand(sql.ToString(), conn))
    {
        myCommand.Parameters.AddWithValue("search1", mySearchVar);
        ...
    }
}
I know SQL parameterization is important, but I see other people using stored procedures. Are there other ways or best practices to follow?
If it’s not just small refactoring and you have time to rewrite your data access layer, use some ORM:
NHibernate
Entity Framework
Dapper.NET (Stack Overflow ORM)
BLToolkit
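As an added illustration of the parameterized approach shown in the question, together with the stored-procedure alternative it asks about, here is a small data-access class for .NET 3.5 (C# 3.0, System.Data.SqlClient). This is example code written for this page, not code from the question or the answer. The table dbo.Customers(Id, Name) and the procedure dbo.FindCustomersByName(@Name) are hypothetical names used only to make the example concrete; the appSettings/connectionStrings lookup mirrors the pattern in the question.

```csharp
// Added example (not from the question or answer). Assumes a hypothetical table
// dbo.Customers(Id int, Name nvarchar(100)) and a hypothetical stored procedure
// dbo.FindCustomersByName(@Name nvarchar(100)).
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public sealed class Customer
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public static class CustomerRepository
{
    private static string ConnectionString()
    {
        // Same lookup pattern as the question: an appSettings entry names the
        // connectionStrings entry to use. Fail loudly if it is missing.
        string name = ConfigurationManager.AppSettings["defaultConnection"];
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException("Connection string '" + name + "' is not configured.");
        return settings.ConnectionString;
    }

    // Inline SQL with an explicitly typed parameter. Declaring SqlDbType and size
    // avoids the implicit conversions and plan-cache churn that AddWithValue can
    // cause when it infers NVARCHAR(length-of-value) from each distinct input.
    public static List<Customer> FindByName(string search)
    {
        if (search == null) throw new ArgumentNullException("search");
        const string sql =
            "SELECT Id, Name FROM dbo.Customers WHERE Name LIKE @search + N'%'";

        using (SqlConnection conn = new SqlConnection(ConnectionString()))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;
            SqlParameter p = cmd.Parameters.Add("@search", SqlDbType.NVarChar, 100);
            p.Value = search; // travels as data, never spliced into the SQL text
            conn.Open();
            return ReadCustomers(cmd);
        }
    }

    // The same lookup through a stored procedure. Parameterization is identical;
    // the procedure additionally lets the application login be granted EXECUTE on
    // the procedure instead of SELECT on the underlying table (least privilege).
    public static List<Customer> FindByNameViaProcedure(string search)
    {
        if (search == null) throw new ArgumentNullException("search");
        using (SqlConnection conn = new SqlConnection(ConnectionString()))
        using (SqlCommand cmd = new SqlCommand("dbo.FindCustomersByName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = search;
            conn.Open();
            return ReadCustomers(cmd);
        }
    }

    // Shared reader: both query styles return the same result shape.
    private static List<Customer> ReadCustomers(SqlCommand cmd)
    {
        List<Customer> result = new List<Customer>();
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            int idOrdinal = reader.GetOrdinal("Id");
            int nameOrdinal = reader.GetOrdinal("Name");
            while (reader.Read())
            {
                result.Add(new Customer
                {
                    Id = reader.GetInt32(idOrdinal),
                    Name = reader.IsDBNull(nameOrdinal) ? null : reader.GetString(nameOrdinal)
                });
            }
        }
        return result;
    }
}
```

Two points worth noting when applying this to the code in the question. First, a parameter defends against injection regardless of whether the command is inline SQL or a stored procedure; the procedure's extra benefit is the permission boundary (EXECUTE on the procedure rather than SELECT on the table), and that benefit disappears if the procedure itself builds dynamic SQL from its arguments. Second, a `LIKE` search still lets the user supply `%` and `_` wildcards; that is not injection, but if the application should treat them literally, escape them before binding the value.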