I have an action filter which I am using to track user activity. I'm also saving user agents to the database to see what devices my site is most commonly accessed through. My concern is SQL injection, as if I use my browser to adjust my user agent I can inject SQL. Does anyone have any idea how I could filter or validate these user agent strings?
// Inside the action filter's OnActionExecuting override; filterContext is the
// ActionExecutingContext and db is the Entity Framework object context.
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    ActionLog log = new ActionLog()
    {
        UserName = filterContext.HttpContext.User.Identity.Name,
        Controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
        Action = filterContext.ActionDescriptor.ActionName,
        IP = filterContext.HttpContext.Request.UserHostAddress,
        DateTime = filterContext.HttpContext.Timestamp,
        UserAgent = filterContext.HttpContext.Request.UserAgent   // raw header value, client-controlled
    };
    db.AddToActionLogs(log);   // EF emits a parameterized INSERT for the entity
    db.SaveChanges();
}
Entity Framework uses SQL parameters, so basically you're pretty much protected against SQL injection (at least in the code sample you supplied).
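As an added example (not code from the question or the answer above), here is a complete version of the action filter showing the point the answer makes: the User-Agent value is handed to Entity Framework as an entity property, which EF binds as a SQL parameter, so quotes and semicolons in the header are stored as data rather than interpreted as SQL. The only validation that still earns its keep is keeping the value within the column length and free of control characters, which stops the INSERT from failing or polluting log output, not injection. The context class name `ActionLogEntities`, the `ActivityLogAttribute` name and the 512-character column limit are assumptions for the example.

```csharp
// Added example: ASP.NET MVC action filter that logs the User-Agent through EF.
// Assumed names: ActionLogEntities (EF object context), ActionLog (entity),
// and an nvarchar(512) UserAgent column.
using System;
using System.Linq;
using System.Web.Mvc;

public class ActivityLogAttribute : ActionFilterAttribute
{
    // Assumed column length; adjust to match your schema.
    private const int MaxUserAgentLength = 512;

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var request = filterContext.HttpContext.Request;

        using (var db = new ActionLogEntities()) // assumed EF context type
        {
            var log = new ActionLog
            {
                UserName = filterContext.HttpContext.User.Identity.Name,
                Controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                Action = filterContext.ActionDescriptor.ActionName,
                IP = request.UserHostAddress,
                DateTime = filterContext.HttpContext.Timestamp,
                // Stored as a parameter value by EF; the header text is never
                // concatenated into SQL, so "'; DROP TABLE" style input is just text.
                UserAgent = SanitizeUserAgent(request.UserAgent)
            };
            db.AddToActionLogs(log);
            db.SaveChanges();
        }

        base.OnActionExecuting(filterContext);
    }

    // Keeps the raw header (quotes and semicolons included) but removes control
    // characters and enforces the column limit so the insert cannot fail on length.
    public static string SanitizeUserAgent(string userAgent)
    {
        if (string.IsNullOrEmpty(userAgent))
            return null;

        var cleaned = new string(userAgent.Where(c => !char.IsControl(c)).ToArray());
        return cleaned.Length > MaxUserAgentLength
            ? cleaned.Substring(0, MaxUserAgentLength)
            : cleaned;
    }
}
```

Apply the attribute to a controller or register it in `GlobalFilters`. The same parameterization guarantee is lost the moment the header value is concatenated into a query string (for example in a raw `ExecuteStoreCommand` call), so keep the logging path on the entity API or on explicit parameters.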