Proper way to make SQL queries in code? [closed]

I am using SQL Server in Visual Studio. I am making a web application.

I have created a database with tables and relationships.

I will need to write functions in C# that will be able to make select, update, delete queries, etc. Does anyone have any insight into a proper way to do this to keep things clean and secure?

By this I mean, how should I be making a connection, how should I return data, deal with failures, etc?

Most tutorials I found do not seem to use best practices.

jmasterx asked Jan 14 '13 21:01


2 Answers

Is there a good reason you're not using an ORM? Entity Framework, Linq to SQL, NHibernate, just to name a few. Unless you're doing some pretty complex SQL statements, an ORM is the logical choice every time. It will handle the connections, provide some level of security (i.e. take steps to avoid SQL injection), as well as just make your code much easier to read and maintain.

Eric Andres answered Oct 08 '22 17:10


Microsoft's best practice "du jour" is Entity Framework. Otherwise an ORM such as NHibernate is a good choice as well.

Otávio Décio answered Oct 08 '22 19:10
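
For the case the question describes (hand-written select, update and delete functions in C# against SQL Server), the sketch below shows the SQL-injection safeguard the first answer mentions, done directly in ADO.NET with bound parameters. It is an added example, not code from any poster on this page; the `dbo.Customers` table, its `Id` and `Name` columns, and the `Customer` and `CustomerRepository` names are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public sealed class Customer            // hypothetical row type
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public sealed class CustomerRepository  // hypothetical data-access class
{
    private readonly string _connectionString;
    public CustomerRepository(string connectionString) { _connectionString = connectionString; }

    // SELECT: the SQL text is a constant; user input is sent only as a typed parameter.
    public IList<Customer> FindByName(string name)
    {
        const string sql = "SELECT Id, Name FROM dbo.Customers WHERE Name = @name";
        var results = new List<Customer>();
        // 'using' closes the connection, command and reader even if a call below throws.
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                while (reader.Read())
                    results.Add(new Customer { Id = reader.GetInt32(0), Name = reader.GetString(1) });
        }
        return results;
    }

    // UPDATE and DELETE share one helper; the return value is the number of rows affected.
    public int Rename(int id, string newName)
    {
        return Execute("UPDATE dbo.Customers SET Name = @name WHERE Id = @id", id, newName);
    }

    public int Delete(int id)
    {
        return Execute("DELETE FROM dbo.Customers WHERE Id = @id", id, null);
    }

    private int Execute(string sql, int id, string name)
    {
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            if (name != null) cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name;
            conn.Open();
            // SqlException propagates to the caller, which can log it and return a generic error.
            return cmd.ExecuteNonQuery();
        }
    }
}
```

A zero return from `Rename` or `Delete` means no row matched, which callers can treat as "not found" rather than as a failure.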