Last post Jun 06, 2012 02:15 AM by nijhawan.saurabh
Jun 06, 2012 01:55 AM|leowidodo037
I am an ASP.NET programmer using SQL Server for the database. I am developing my project using my own concept.
I will explain my concept in detail:
1. Every query and SQL statement will be in a stored procedure, so there is no SQL statement in the aspx page or code-behind.
2. The aspx page only renders and modifies data from stored procedures, like a GridView showing data from a stored procedure.
I want to know if the concept that I use is secure or not?
Maybe someone can give me a suggestion or another alternative?
Jun 06, 2012 02:08 AM|nijhawan.saurabh
Stored procedures are definitely the right way to go, as they'd help you avoid SQL injection (you need to pass in values to your SPs using parameters), and as they are precompiled, they'd help in increasing performance as well.
Jun 06, 2012 02:15 AM|nijhawan.saurabh
More advantages here:
It's definitely an object-oriented way of doing things; they let you abstract the definition of an action, so maintenance becomes quite a bit easier.
1. They improve performance, since SPs are pre-compiled
2. Improved Security as compared to dynamic SQL
3. SPs allow your DBA to have easier access to the queries you're using, which in turn makes it easier for them to be optimized than if they're in your code.
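
The point in the reply above about passing values to stored procedures using parameters, shown as an added example that is not code from any poster in this thread. The class `OrderData`, the procedure `dbo.GetOrdersByCustomer` and the table `dbo.Orders` are hypothetical names, and the code assumes `System.Data.SqlClient` in an ASP.NET Web Forms project.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class OrderData
{
    // Assumed procedure (hypothetical, not from the thread); it uses its
    // parameter directly in static SQL:
    //   CREATE PROCEDURE dbo.GetOrdersByCustomer @CustomerName nvarchar(100)
    //   AS SELECT OrderId, OrderDate, Total FROM dbo.Orders
    //      WHERE CustomerName = @CustomerName;

    // Unsafe: the call is built as a string, so the input becomes part of the
    // SQL text even though a stored procedure is being used.
    public static SqlCommand BuildConcatenated(SqlConnection conn, string customerName)
    {
        return new SqlCommand(
            "EXEC dbo.GetOrdersByCustomer '" + customerName + "'", conn);
    }

    // Safe: the procedure is invoked by name and the value travels as a typed
    // parameter, separate from the SQL text.
    public static SqlCommand BuildParameterized(SqlConnection conn, string customerName)
    {
        var cmd = new SqlCommand("dbo.GetOrdersByCustomer", conn);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@CustomerName", SqlDbType.NVarChar, 100).Value =
            (object)customerName ?? DBNull.Value;
        return cmd;
    }

    // Returns a DataTable that a GridView can bind to
    // (GridView1.DataSource = OrderData.GetOrders(...); GridView1.DataBind();).
    public static DataTable GetOrders(string connectionString, string customerName)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildParameterized(conn, customerName))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);   // Fill opens and closes the connection itself
            return table;
        }
    }
}
```

The same separation has to hold inside the procedure: if its body concatenates a parameter into a string and executes it, the value is parsed as SQL again.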