How to filter special characters from user input?

Problem:
I am using a textbox to capture user entry to create a custom SQL select statement. I have everything working fine but I get an exception thrown when I wanted to search by city name and I entered, "Cox's Bazar" in the textbox.
Solution:
In this case you need to filter special characters from user input values that produce this error. You can filter user inputs using following method in your string helper class:


        /// <summary>
        /// Replace UnWanted Character from string
        /// </summary>
        /// <param name="input">Input string</param>
        /// <returns></returns>
        [DebuggerStepThrough()]
        public static string ReplaceUnWantedCharacter(string input)
        {
            input = input.Replace('+', ',');
            input = input.Replace("--", "++");
            input = input.Replace('&', ',');
            input = input.Replace("%", "[%]");
            input = input.Replace("_", "[_]");
            input = input.Replace("[", "[[]");
            input = input.Replace("]", "[]]");
            input = input.Replace("'", "''");
                        return input;
               }

the use of this method may be like:
string cityName = StringHelper.ReplaceUnWantedCharacter(txtCityName.Text.Trim());

Crystal Report Performance Improvement Tips

Problem:
How can I improve performance of crystal report in my web application?

Solution: Here is some important tips for improvement of crystal report performance in a web application:
1. Avoid using Linked OLE object if not extremely necessary. Locating OLE object is potentially time consuming.
2. Avoid using Sub-report if you can do same without sub-report. Incorrect use of sub report may have huge impact on performance.
3. Avoid special functions: Page N of M, Total Page Count. This cause the report more time to display first page.
4. Avoid unnecessary use of graphics. This may cause disk I/O which will impact on performance.
5. Remove un-used objects from report.
6. Remove or suppress unnecessary report section.
7. If summaries are used in the report, use conditional formulas instead of running totals when ever possible.
8. Whenever possible, limit records through Record selection Formula, not suppression. Return only necessary data from your data source.
9.  Perform grouping on database server.
10.Disable report option Verify of First Refresh and Verify Stored Procedure on First Refresh.

Hope this will help.

Please feel free to add your valuable comments.

Important points that programmers should remember while developing web application software

I have tried to find out some points that every programmer should remember while coding in web application:

1. Do R&D about business logic and make a plan how you will implement it before you start writing code.
2. Should write code easy, understandable and maintainable way.
3. Make sure you are developing application wide consistent look and feel.
4. Should think in OOP way. 
5. Try best practices that are established in the industry.
6. Maintain Naming convention
7. Transaction should be used properly and where necessary.
8. Remember concurrency issue while coding. 
9. Validation should be checked properly. Validation should be done at client side so far possible.
10. User or role based permission should be implemented properly so that user can’t do anything if not permitted.
11. Should do comments where necessary.
12. Should be aware about security of application and database.
13. Write less code to do more jobs. Do re-factor where possible.
14.  Think about performance of your code.
15. Make use of client side Ajax.
16. Be aware of hacking options like Sql Injection, Cross Site Scripting etc.
17. Should do paging on database end where data is more than 20 in grid.
18. Do less use of Session and ViewState.
19. Do caching where possible.
20. Always check existence of an object before accessing it.
21. Be careful about exception handling.
22. Write error log to identify errors.
23. Make sure you dispose large objects.
24. Grid should have a SL column.
25. Dropdown or combo values should be in a specific order.
26. Remove unnecessary code and comments from your page.
27. Set a title in each page. Don’t keep it like Untitled Page.
28. Include search option when data is more than 100 records in a page.
29. Use Namespace properly for pages and code files.
30. Show short and friendly error message to user but log error details.
31. Do not have more than one class in a single class.
32. Please write copy right and author information at the top of each file.
33. Avoid unnecessary round trip to database server. Use batch SQL statement to reduce round trip.
34. Use light weight controls. Choose controls carefully for your page.
35. Make your database normalized.
36. Make sure optimization of your queries.
37. Always deploy release build of your application.
38. Use release build and minimized version of any third party controls used.
39. Deploy your application on staging first and do all testing in staging.
40. Before deployment in production make sure necessary configuration and changes are done properly if needed. For example setting up new encryption key, encrypting sensitive information and setup application settings information etc. 
41. Develop a way to notify users with friendly message while doing some changes or maintenance task after deployment.
42. Make sure to check all major functionality is working properly after deployment.