Wednesday, June 4, 2008

ADO.NET

What is ADO.NET
ADO.NET is the data access architecture for the Microsoft .NET Framework.

Difference between ADO and ADO.NET
ADO uses connected data access, while ADO.NET uses a disconnected data environment.
ADO uses OLE DB to access data and is COM-based, while ADO.NET uses XML as the format for transmitting data between your database and web application.
In ADO, a Recordset is like a single table or query result, while in ADO.NET a DataSet can contain multiple tables from any data source.
ADO is sometimes problematic because firewalls prohibit many types of requests, while ADO.NET has no such problem because XML is completely firewall-proof.

SqlDataReader makes exclusive use of its connection
The SqlDataReader object makes exclusive use of its SqlConnection object for as long as the reader is open. You cannot execute any other SqlCommand objects on that connection while the SqlDataReader is open. Therefore, you should always call SqlDataReader.Close() as soon as you are done retrieving data.

Strongly Typed DataSet Object
A strongly typed DataSet object allows you to create early-bound data retrieval expressions.
Advantages of a Strongly Typed DataSet
It is faster than late-bound data retrieval expressions.
Its column names are shown in IntelliSense as you type code.

FAQ collected from http://www.dng-ado.blogspot.com

Improving Performance with Connection Pooling
Opening a connection is a database-intensive task. It can be one of the slowest operations that you perform in an ASP.NET page. Furthermore, a database has a limited supply of connections, and each connection requires a certain amount of memory overhead (approximately 40 kilobytes per connection).
If you plan to have hundreds of users hitting your Web site simultaneously, the process of opening a database connection for each user can have a severe impact on the performance of your Web site.
Fortunately, you can safely ignore these warnings if you take advantage of connection pooling. When database connections are pooled, a set of connections is kept open so that they can be shared among multiple users. When you request a new connection, an active connection is removed from the pool. When you close the connection, the connection is placed back in the pool.
Connection pooling is enabled for both OleDb and SqlClient connections by default.
To take advantage of connection pooling, you must be careful to do two things in your ASP.NET pages. First, you must use exactly the same connection string whenever you open a database connection. Only connections opened with the same connection string can be placed in the same connection pool. For this reason, you should place your connection string in the web.config file and retrieve it from this file whenever you need to open a connection.
Second, you must explicitly close whatever connection you open as quickly as possible. If you do not explicitly close a connection with the Close() method, the connection is never added back to the connection pool.

SQL Injection Problem
SQL injection is a strategy for attacking databases.
Example 1: An ASP page asks the user for a name and a password, and then sends the following string to the database:
    SELECT * FROM users WHERE username = 'whatever' AND password = 'mypassword'
It seems safe, but it isn't. A user might enter something like this as her user name:
    ' OR 1>0 --
When this is plugged into the SQL statement, the result looks like this:
    SELECT * FROM users WHERE username = '' OR 1>0 -- AND password = ''
This injection comments out the password portion of the statement. It results in a list of all the names in the users table, so any user could get into your system. The easiest way to prevent this sort of injection is to parse the SQL string and remove any occurrences of "--" before passing the statement.
Example 2: You also have to beware of injections that contain semicolons, because semicolons delimit SQL statements. Think about the implications of a user name like this:
    ' OR 1>0 ; DELETE Customers ; --
There are numerous ways a malicious user might penetrate your system using SQL injection, and various defenses, but the simplest approach is to avoid dynamic SQL. Instead, use stored procedures everywhere. Thanks to the way SQL passes parameters, injections such as those above will produce errors, and the stored procedure will not execute.
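
The login check from Example 1, written both ways in ADO.NET. This is an added example, not code from the original FAQ. It uses a parameterized SqlCommand, which relies on the same parameter passing the stored-procedure advice above depends on, so no stripping of "--" or ";" is needed. The connection string name "AppDb", the column size of 50 and the class and method names are assumptions; the users table and the query shape follow the page's example.

```csharp
using System;
using System.Configuration;   // add a reference to System.Configuration.dll
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // The "before": dynamic SQL built by concatenation, as in Example 1.
    // Input such as  ' OR 1>0 --  becomes part of the statement text.
    public static string BuildUnsafeSql(string username, string password)
    {
        return "SELECT * FROM users WHERE username = '" + username +
               "' AND password = '" + password + "'";
    }

    // The "after": values travel as parameters, never as SQL text.
    // "AppDb" is an assumed connection string name in web.config; reading it
    // from one place keeps the string identical, which pooling requires.
    public static bool IsValidLogin(string username, string password)
    {
        string connStr =
            ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        const string sql =
            "SELECT COUNT(*) FROM users " +
            "WHERE username = @username AND password = @password";

        // The using blocks close the command and connection even when an
        // exception is thrown, so the connection goes back to the pool.
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Column size 50 is an assumption about the users table.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    public static void Main()
    {
        // Constructed input: the user name from Example 1.
        Console.WriteLine(BuildUnsafeSql("' OR 1>0 --", ""));
        // Through the parameterized path the same input is compared as a
        // literal string (this call needs the assumed database).
        Console.WriteLine(IsValidLogin("' OR 1>0 --", ""));
    }
}
```

The first line printed is the statement from Example 1 with the password test commented out; the parameterized call treats the same text as an ordinary user name.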
