I hate several things about programming in the .NET stack, though not really because they affect me now. It is really some of the ways we teach new .NET programmers to program in the .NET stack. Primarily it relates to the way we teach newbies how to manage data access with the View and DataSource controls. Beyond that, far too often we teach by showing direct SQL calls instead of using more secure and optimized stored procedures. So here are some rules that .NET programmers need to learn to live by.
Never Use a View Control for Production
The GridView, ListView, FormView and DetailsView controls are not for production. They are for proof of concept and checking data during the early development cycle. Never let them go beyond that point. They not only produce a lot of useless code that takes extra time to send across the wire, they are also hard to customize. I have never met a client that wanted what any of these view controls produced on their sites.
By the time you customize the layout of these controls to meet the customer's desire, you could have easily used a repeater or just laid the markup out anyway. In fact it will be easier to maintain and still send much less across the wire.
Never Use a DataSource Control
While these can be a quick way to bind to a data control, they are ultimately unmaintainable and not very optimized. Think about it: if you use a SqlDataSource on one page and then start copying and pasting it around your site for the same exact SQL statements, you will eventually create a nightmare. If you need to modify any of the SQL statements, you have to run through your entire site modifying each and every statement on each and every page. This is ultimately a production disaster that will happen very quickly in the development process if you rely on them.
Never Ever Make a Direct SQL Call
Stored procedures should always be used for any SQL statements. First, they are compiled and optimized for optimal performance. Second, this will eliminate the chances of a SQL Injection attack. There is honestly no reason any ASP.NET site should ever be the victim of a SQL Injection attack. If you are, then you should fire your developers on the spot!
Using stored procedures also gives you a single place to maintain the interactions with your data. You also get great SQL tools like the SQL profiler and show plans to help you optimize the queries. On this topic, I am becoming less and less enamored with LINQ to SQL, because those queries just are not optimized, but that is another post for another day.
What Should You Do?
Well, now that I have taken away the crutches, how are you going to walk? First, get comfortable with the Repeater control and making your own layouts for detail pages. You will quickly find this is very easy to work with. I use CodeSmith to generate my base layouts for both, and I highly recommend using a code generator to help you be consistent.
Create a common data access layer to manage direct interactions with the database. I use the Data Access Application Blocks. I even have a wrapper class that I created to abstract away how to do direct SQL access. If I had to write code to retrieve a SqlDataReader I would fail; I have not done it in years!
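The kind of data access layer described above, as an added example (it is not the author's wrapper class or the Data Access Application Block code): every call is a stored procedure with bound, typed parameters, and pages only ever see the repository. The names `Db`, `ProductRepository`, `Product` and `dbo.Product_Search` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper: every database call on the site goes through here.
public static class Db
{
    // Assumed to be set once at startup from the site's configuration.
    public static string ConnectionString { get; set; }

    // Runs a stored procedure and maps each row with the supplied delegate.
    // Values travel as typed parameters and are never spliced into SQL text.
    public static List<T> Query<T>(string procName, Func<IDataRecord, T> map,
                                   params SqlParameter[] parameters)
    {
        var results = new List<T>();
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(procName, conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            if (parameters != null) cmd.Parameters.AddRange(parameters);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read()) results.Add(map(reader));
            }
        }
        return results;
    }
}

public class Product
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public static class ProductRepository
{
    // dbo.Product_Search is a hypothetical procedure taking @Term nvarchar(50)
    // and returning (Id int, Name nvarchar) rows.
    public static List<Product> Search(string term)
    {
        var p = new SqlParameter("@Term", SqlDbType.NVarChar, 50);
        p.Value = (object)term ?? DBNull.Value;
        return Db.Query("dbo.Product_Search",
            r => new Product { Id = r.GetInt32(0), Name = r.GetString(1) }, p);
    }
}
```

The injection protection here comes from the bound parameters: a procedure whose body concatenates its arguments into a dynamic SQL string and executes it is still injectable, so the procedure bodies need the same review as the calling code.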
Using these techniques will make you a much more efficient programmer, eliminate many long-term maintenance issues and make your applications much more performant. It will also make customized layouts much easier to achieve. Ultimately your customer will be happier with you.