What are the basic measures upon building a good form?

Basic measures when building forms that interact with the s开发者_JAVA技巧ql database. What are the security measures (check insert strings, sql injection etc), and Do people use special controllers in order to format their data? I am using GridView and realizing its tables, which I dont like. If so are there any suggestions for data formatting controllers? Thanks!

I'll give you a few tips.

First of all, a correct architecture won't have your web application directly access the database. It should talk to a higher level of abstraction, for instance:

Data Layer -> Business Layer -> Web application

In your data layer, you use some good ORM technology like Entity Framework or NHibernate that will free you of the pain of writing SQL and translating it into your business objects (the ORM will do that for you). Then your objects will travel through the business layer to your web application, where you will use them as you see fit. If you're oriented to a traditional web approach (with clean Http requests and such) you should really take a look into Asp.Net MVC for your web application layer. It doesn't use any ugly runat="server" tags, but clean and simply (x)html or html5, as you prefer, with the power of the new razor engine to dinamicize the views.

For more detailed information, check out the tutorials on asp.net/mvc

You shouldnt have to care about sql injection or string formats when building a form. This should be handled in your CMS or using the native asp.net functions.

The forms should be focused on what content you want to retrieve, both graphically and data wise.

• Leave request validation ON (the default)
• Don't create SQL by concatenating user input with SQL statements, use parametrized queries/procedures instead