Storing Connection Strings in the Web Configuration File

There are three reason for why storing connection strings is a bad idea.first, it is not good from perspective of security.in this case, no one should ever be able to view the source code of your ASP.NET pages, but in practice,hackers have discovered security flaws in the ASP.NET framework.so you should store your connection strings in a separate file.

second, adding a connection string to every page makes it difficult to manage a website,in other hand if you need change connection string, you only modifying the single file.

last, storing a connection string in a page can, potentially, hurt the performance of your application.

for these reason, you should always put your connection string in the web configuration file.

eXAMPLE

Web.Config

< ?xml version="1.0"?>
<>
<>
< name="student" connectionstring="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|MyData.mdf;Integrated Security=True; User Instance=True">
< /connectionStrings>
< /configuration>

displaystudent.aspx

< %@ Page Language="VB" %>
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
< xmlns="http://www.w3.org/1999/xhtml">
< id="Head1" runat="server">
<>Show Movies
< /head>
< body>
< id="form1" runat="server">
< div>

< id="grdStudent" datasourceid="srcStudent" runat="server">

< id="srcStudent" selectcommand="SELECT * FROM student" connectionstring="<%$ ConnectionStrings:student %>">"
Runat="server" />

< /div>
< /form>
< /body>
< /html>

The expression <%$ ConnectionStrings:student %> is used to represent the connection string. This expression is not case sensitive.