Code Review
added 41 characters in body; edited title
Source Link
Jamal

Platform for creating data-oriented web apps

  1. What do you think of the following coding style for ASP.NET MVC?
  2. How can we improve it?
  3. Any ideas for a better SQL injection solution than the params array? Remember that the code should look clean and simple.
@(DB.Select(table: "pages", 
 where: "id = ? and date > ?",
 params: new[] { Request.QueryString["ID"], Request.QueryString["Date"] }))
<html>
<body>
 <ul>
 @foreach (var row in Model) {
 <li><a href="@row.URL">@row.Name</a></li>
 }
 </ul>
</body>
</html>
@(DB.InsertOnPost(table: "pages",
 fields: "name, description, date",
 values: "?, ?, Now",
 params: new[] { Request.Form["Name"], Request.Form["Description"] }))
@RedirectOnPost("/pages")
<form action="/pages/create" method="post">
 <div>
 <label for="name">Name</label>
 <input type="text" name="name" />
 </div>
 <div>
 <label for="description">Description</label>
 <textarea name="description"></textarea>
 </div>
</form>
@(DB.UpdateOnPost(table: "pages",
 set: "name = ?, description = ?",
 where: "id = ?",
 params: new[] { Request.Form["Name"], Request.Form["Description"], 
 Request.QueryString["ID"] }))
@RedirectOnPost("/pages")
@(DB.Select(table: "pages", 
 where: "id = ?",
 params: new[] { Request.QueryString["ID"] }))
<form action="/pages/edit" method="post">
 <div>
 <label for="name">Name</label>
 <input type="text" name="name" value="@Model.Name" />
 </div>
 <div>
 <label for="description">Description</label>
 <textarea name="description">@Model.Description</textarea>
 </div>
</form>
Added language tags
Link
Phrancis
Source Link

What do you think of this coding style for web designers?

In my web development company, we have many designers who have the following development knowledge:

  • Client-side web languages (HTML, CSS, JavaScript)
  • Basic database design (how to create tables, relationships, etc), and
  • Basic SQL

So we thought about giving them a simple platform to create data-oriented web apps.

What do you think of the following coding style for ASP.NET MVC?

How can we improve it?

Any ideas for a better SQL Injection solution than the params array? Remember that the code should look clean and simple.

/apps/pages/index.html

@(DB.Select(table: "pages", 
 where: "id = ? and date > ?",
 params: new[] { Request.QueryString["ID"], Request.QueryString["Date"] }))
<html>
<body>
 <ul>
 @foreach (var row in Model) {
 <li><a href="@row.URL">@row.Name</a></li>
 }
 </ul>
</body>
</html>

/apps/pages/create.html

@(DB.InsertOnPost(table: "pages",
 fields: "name, description, date",
 values: "?, ?, Now",
 params: new[] { Request.Form["Name"], Request.Form["Description"] }))
@RedirectOnPost("/pages")
<form action="/pages/create" method="post">
 <div>
 <label for="name">Name</label>
 <input type="text" name="name" />
 </div>
 <div>
 <label for="description">Description</label>
 <textarea name="description"></textarea>
 </div>
</form>

/apps/pages/edit.html

@(DB.UpdateOnPost(table: "pages",
 set: "name = ?, description = ?",
 where: "id = ?",
 params: new[] { Request.Form["Name"], Request.Form["Description"], 
 Request.QueryString["ID"] }))
@RedirectOnPost("/pages")
@(DB.Select(table: "pages", 
 where: "id = ?",
 params: new[] { Request.QueryString["ID"] }))
<form action="/pages/edit" method="post">
 <div>
 <label for="name">Name</label>
 <input type="text" name="name" value="@Model.Name" />
 </div>
 <div>
 <label for="description">Description</label>
 <textarea name="description">@Model.Description</textarea>
 </div>
</form>
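The block below is an added example, not code from the question and not an existing ASP.NET library: a Python/SQLite model of the `DB.Select`, `DB.InsertOnPost` and `DB.UpdateOnPost` helpers the question sketches, written to show what the `params` array has to do to be a complete SQL-injection defence and where its protection stops. The `DB` class, `_check_identifiers`, `unsafe_select` and `build_demo_db` are assumed names, `datetime('now')` stands in for the question's `Now`, and the `pages` rows are constructed sample data.

```python
import re
import sqlite3

# Added example: a Python/SQLite stand-in for the question's hypothetical
# DB.Select / DB.InsertOnPost / DB.UpdateOnPost helpers. Not the asker's code.
# Contract enforced here: request values travel only through `params`, where the
# driver binds them; `table`, `fields`, `values`, `set` and `where` are SQL text
# written by the template author, so identifiers are checked and nothing from the
# request may ever be formatted into them.

_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def _check_identifiers(*names):
    """Allow only bare SQL identifiers for table and column names (assumed rule)."""
    for name in names:
        if not _IDENT.fullmatch(name):
            raise ValueError("illegal SQL identifier: %r" % name)


class DB:
    """Placeholder-based query helper: every '?' in a fragment is a bound parameter."""

    def __init__(self, conn):
        self.conn = conn
        self.conn.row_factory = sqlite3.Row

    def select(self, table, where="1=1", params=()):
        _check_identifiers(table)
        sql = "SELECT * FROM %s WHERE %s" % (table, where)   # fragments, not values
        return [dict(r) for r in self.conn.execute(sql, tuple(params))]

    def insert(self, table, fields, values, params=()):
        _check_identifiers(table, *[f.strip() for f in fields.split(",")])
        sql = "INSERT INTO %s (%s) VALUES (%s)" % (table, fields, values)
        return self.conn.execute(sql, tuple(params)).lastrowid

    def update(self, table, set_clause, where, params=()):
        _check_identifiers(table)
        sql = "UPDATE %s SET %s WHERE %s" % (table, set_clause, where)
        return self.conn.execute(sql, tuple(params)).rowcount


def unsafe_select(conn, table, raw_id):
    """What the params array replaces: the request value spliced into the SQL text."""
    sql = "SELECT * FROM %s WHERE id = %s" % (table, raw_id)
    return [dict(r) for r in conn.execute(sql)]


def build_demo_db():
    """Constructed in-memory `pages` table with three sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, name TEXT, "
                 "description TEXT, url TEXT, date TEXT)")
    db = DB(conn)
    for name in ("Home", "About", "Admin"):
        db.insert("pages", "name, description, url, date",
                  "?, ?, ?, datetime('now')",          # datetime('now') plays the role of Now
                  (name, name + " page", "/" + name.lower()))
    return db


def demo():
    db = build_demo_db()
    hostile_id = "1 OR 1=1"                     # what an attacker sends in ?ID=

    # index.html query with the hostile value bound: compared as one literal, no match
    bound = db.select("pages", "id = ? and date > ?", (hostile_id, "2000-01-01"))
    # the same value formatted into the statement: the WHERE clause becomes always-true
    spliced = unsafe_select(db.conn, "pages", hostile_id)
    # an honest lookup still works through the same bound path
    honest = db.select("pages", "id = ?", ("2",))

    # identifiers are outside the reach of binding, so the helper must refuse them
    try:
        db.select("pages; DROP TABLE pages", "id = ?", ("1",))
        table_check = "accepted"
    except ValueError:
        table_check = "rejected"

    # edit.html with the ID present in the query string
    updated = db.update("pages", "name = ?, description = ?", "id = ?",
                        ("Start", "Start page", "1"))
    # edit.html as posted to action="/pages/edit": no query string, so ID is missing
    lost_id = db.update("pages", "name = ?", "id = ?", ("Start", None))

    return {"bound": len(bound), "spliced": len(spliced), "honest": honest[0]["name"],
            "table_check": table_check, "updated": updated, "lost_id": lost_id}


if __name__ == "__main__":
    print(demo())
```

On the question's third point: the params array is the right mechanism, as long as the helper hands the values to the driver as bound parameters (`execute(sql, params)` here) instead of formatting them into the string, which `unsafe_select` does for contrast. What binding cannot cover is everything outside `params`: `table`, `fields`, `set`, `values` and `where` are SQL text, so the helper has to accept only plain identifiers where it can check them, and the templates must never build those fragments from `Request`. One thing visible in the question's own `edit.html` is also worth checking: `UpdateOnPost` reads `Request.QueryString["ID"]`, but `<form action="/pages/edit" method="post">` posts to a URL with no query string, so on the POST that value is empty; `lost_id` models that case and updates no rows.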