Proper way to make SQL queries in code? [closed]

Question

I am using SQL Server in Visual Studio. I am making a web application.

I have created a database with tables and relationships.

I will need to write functions in C# that will be able to make select, update, delete, queries etc. Does anyone have any insight into a proper way to do this to keep things clean and secure?

By this I mean, how should I be making a connection, how should I return data, deal with failures, etc?

Most tutorials I found do not seem to use best practices.

Answer 1

Is there a good reason you're not using an ORM? Entity Framework, Linq to SQL, NHibernate, just to name a few. Unless you're doing some pretty complex SQL statements, an ORM is the logical choice every time. It will handle the connections, provide some level of security (i.e. take steps to avoid SQL injection), as well as just make your code much easier to read and maintain.

Answer 2

Microsoft's best practice "du jour" is Entity Framework. Otherwise an ORM such as NHibernate is a good choice as well.