StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
1469514
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
4
CommunityOwnedDate
CreationDate
2009-09-24T02:31:51.400
FavoriteCount
0
LastActivityDate
2009-09-24T02:31:51.400
LastEditDate
LastEditorUserId
0
OwnerUserId
8173
ParentId
1469450
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
<h2>You can't go wrong with the following general rules</h2> Validate everywhere! Where you validate determines the quality of the user experience. The closer to the user, the less safe it is but more responsive. The farther away, the safer but tends to give worse error messages. <ul> <li>Validate at the front-end to give the user a responsive error.</li> <li>Validate in the middle to give the user nicer error messages.</li> <li>Validate in the database (constraints and such) to keep your database sane.</li> </ul> Use parameters early, and use them often! Find those square pegs early. <ul> <li>Coerce data into the correct types as quickly as possible. (This is a form of validation.) If something is an int, don't handle it like a string.</li> <li>Don't throw away errors when checking parameters. If your regex doesn't match, or your <code>try { parse } catch { }</code> gets triggered it's important you know why and don't continue!</li> <li>Whether you use LINQ or roll-your-own SQL: do not build SQL statements with user-supplied data. EVER. Use parameterized queries and/or stored procedure calls. If you must piece-together SQL as strings, don't do it with user data. Get the "untrustworthy" data stored and manipulate it as needed later, in a separate query.</li> </ul> Encode all data passed to the user. The bad data may not be their fault, don't trash their world. <ul> <li>Assume that anything they pass you is full of JavaScript and HTML. Assume that "binary" data will find its way in. Someone will run your web page on something other than a "browser" eventually. Your "phone number" field will be used to store an <code>.EXE</code>.</li> <li>Return all data encoded and harmless. Don't assume that "because it's in the database" (or that it's an int, or that it's just a 1 character string) that it's harmless.</li> <li>Assume that eventually your database will fail you somehow. A developer will drop in "test" data, you'll miss an edge case above, or something may run amok and insert all-purpose crap. This crap has to be passed to the user safely.</li> </ul> Nobody's perfect: especially you. Plan for that.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow do I handle user submitted data to ensure best practice programming?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USClinton Pierce
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow do I handle user submitted data to ensure best practice programming?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.