I. Methods to improve performance:
1. Remember that database access is relatively expensive: it consumes both time and resources.
2. A control should be applied for multiple calls. It is best to put the flexibility in a local variation first.
II. Handling
1. Anti-token service
In general, you should always check incoming parameters if the method is a public one, that is, if it is
called from outside the class. If it's a method that isn't accessible from outside of the class (private or
protected), then this is less important because you're probably supplying those parameters yourself,
although this doesn't necessarily mean the parameters will be correct: you might get the values from
elsewhere before passing them into the method.
2. The solution to SQL injection is to use parameters, because these automatically prevent this type of attack.
If you're using stored procedures, which you should be, then parameters are required for passing information
into the procedure, but when you're building SQL dynamically, you can still use parameters. So if
you were running a SqlCommand, you could do this:
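// Assumed context: Conn is an open SqlConnection and lastname is a text input control.
// Requires: using System.Data; using System.Data.SqlClient;
string SQL = "select * from employee where lastname = @lastname";
SqlCommand cmd = new SqlCommand(SQL, Conn);
// Declare the parameter with its type and size, then assign the user's input as its value.
cmd.Parameters.Add("@lastname", SqlDbType.VarChar, 50);
cmd.Parameters["@lastname"].Value = lastname.Text;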
Here @lastname is the parameter name, and because the value is assigned via the parameter, no SQL
injection can take place. This is because ADO.NET protects against SQL injection attacks when using
parameters: the values passed into parameters are checked for specific content that would signify
an attack.
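The following is an added example, not code from the original page: it puts a concatenated query beside a parameterized one and adds the incoming-parameter check described under item 1 to the public lookup function. It uses Python's built-in sqlite3 module rather than ADO.NET so that it runs without a database server; the table rows, function names and test input are constructed for illustration, and `:lastname` is SQLite's counterpart of `@lastname`.

```python
import sqlite3

MAX_LASTNAME = 50  # mirrors the VarChar size of 50 used in the snippet above


def make_db():
    """Build an in-memory employee table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, lastname TEXT)")
    conn.executemany(
        "INSERT INTO employee (lastname) VALUES (?)",
        [("Smith",), ("O'Brien",), ("Jones",)],
    )
    return conn


def find_concatenated(conn, lastname):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    sql = "SELECT lastname FROM employee WHERE lastname = '" + lastname + "'"
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn, lastname):
    """Hardened form: a public entry point checks its argument, then binds it."""
    if not isinstance(lastname, str) or not 0 < len(lastname) <= MAX_LASTNAME:
        raise ValueError("lastname must be a string of 1 to 50 characters")
    # The bound value travels separately from the SQL text, so quotes inside
    # it are compared as data and cannot change the WHERE clause.
    sql = "SELECT lastname FROM employee WHERE lastname = :lastname"
    return [row[0] for row in conn.execute(sql, {"lastname": lastname})]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing quote characters
    print("concatenated: ", find_concatenated(db, hostile))
    print("parameterized:", find_parameterized(db, hostile))
    print("legit quote:  ", find_parameterized(db, "O'Brien"))
```

The concatenated query returns every row for the constructed input, while the parameterized one returns none and still finds a legitimate name that contains a quote.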