Home/ Questions/Q 59003
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T17:56:13+00:00

I have code like this: var newMsg = new Msg { Var1 = var1,

  • 0

I have code like this:

var newMsg = new Msg {     Var1 = var1,     Var2 = var2 };  using (AppDataContext appDataContext = new AppDataContext(ConnectionString)) {     appDataContext.CClass.InsertOnSubmit(newMsg);     appDataContext.SubmitChanges(); }

After reading this post I believe that the same logic applies.

Does anyone think that this is subject to SQL Injection Attack?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. The second answer in the post you’re referencing says it:

    LINQ to SQL uses execute_sql with parameters.

    It does not concatenate property values into a one big INSERT … VALUES(‘…’, ‘…’)

    • 0