[thelist] Data validation (Best Practice) - asp/sql server

Ken Schaefer Ken at adOpenStatic.com
Thu Nov 18 17:24:56 CST 2004



: -----Original Message-----
: From: thelist-bounces at lists.evolt.org
: [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Steve Lewis
: Sent: Friday, 19 November 2004 5:45 AM
: To: thelist at lists.evolt.org
: Subject: Re: [thelist] Data validation (Best Practice) - asp/sql server
: 
: Michael Pack wrote:
: 
: > I became a bit curious yesterday when I ran into a "Best Practice
: > for Validating User Input" article at MSDN that points out...
: >
: > *> Use stored procedures to validate user input.
: 
: Vendor Lock: You cannot change persistence system vendors (MSSQL ain't
: cheap.  It isn't even competitive) because of your dependence on the
: stored proc syntax.  (Guess why the vendor recommends you lock
: yourself to their product.  HINT: That is how they stay in business in
: the competitive database market.)

Well, compared to Oracle, or DB2, I'd say SQL Server is fairly competitive -
we do plenty of work for companies that are using SQL Server.

Microsoft doesn't stay competitive in the enterprise RDBMS market by somehow
tricking people into writing validation code in stored procedures - please
stop being disingenuous.

The article, as Peter points out, deals with SQL Server apps. If this is some
kind of client-side app (e.g. you have some fat VB client on the desktop), then
you would need to consider having something on the server to validate input
(whether a component sitting in front of SQL Server, or inside SQL Server
itself) because (generally) you can't trust input from anything running on
the client.

Cheers
Ken

