I’ve seen and written too much stuff that violates these rules. Click the link after “Via” for the full article…

  1. Add a Low Privilege Account to the Admin Role
  3. Fetch Semi-static Data on Each Request of a Resource
  4. Include SQL Data Manipulation Language in Application Code
  5. Abuse SELECT *
  6. Create Stored Procedures without Exception Handling
  7. Prefix Stored Procedures with “sp_”
  8. You Don’t Protect the Database Connection String
  9. Accept All Input
  10. Access the Database from the Application with the “sa” Account

[Via dotnet junkies]