Is it possible for a project using entirely LinqToSQL or Entity Framework to suffer from SQL injection?
I think that probably not, because the SQL that the ORM generates should be SQL-injection free. But I'm not sure.
When you use those frameworks as intended, i.e. the entities/tables directly, then no. All string comparisons (i.e. where name = 'smith') are parameterized. The only vulnerable spots are:

- any string can be executed directly against the context: dbContext.ExecuteQuery() with any kind of destructive string
- a stored procedure executing dynamic SQL using any parameters given
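The three cases the answer distinguishes, as an added example that is not part of the original question or answer. It uses EF Core with an in-memory SQLite database (packages Microsoft.EntityFrameworkCore.Sqlite and Microsoft.Data.Sqlite on .NET 8); the Customer entity, the table contents and the attacker string are constructed for the demo. The LINQ to SQL DataContext.ExecuteQuery<T>(string, params object[]) call named in the answer has the same shape as EF Core's FromSqlRaw: concatenating input into the string argument is injectable, passing it as a parameter is not.

```csharp
// Added example, not code from the original post. Assumes EF Core + SQLite.
using System;
using System.Linq;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;

public class Customer
{
    public int Id { get; set; }
    public string Name { get; set; } = "";
}

public class ShopContext : DbContext
{
    public DbSet<Customer> Customers => Set<Customer>();
    public ShopContext(DbContextOptions<ShopContext> options) : base(options) { }
}

public static class Program
{
    // 1. LINQ over the entity: EF translates the C# comparison into
    //    WHERE "Name" = @p0 and sends the value as a DbParameter, so the
    //    input is never parsed as SQL. This is the "as intended" usage.
    public static int CountByNameLinq(ShopContext ctx, string name) =>
        ctx.Customers.Count(c => c.Name == name);

    // 2. Raw SQL built by string concatenation: the input becomes part of the
    //    statement text. This is the "any string executed directly against
    //    the context" case from the answer.
    public static int CountByNameRawConcat(ShopContext ctx, string name) =>
        ctx.Customers
           .FromSqlRaw("SELECT * FROM Customers WHERE Name = '" + name + "'")
           .Count();

    // 3. Raw SQL done safely: the interpolated value is turned into a
    //    DbParameter, never spliced into the SQL text.
    public static int CountByNameRawParam(ShopContext ctx, string name) =>
        ctx.Customers
           .FromSqlInterpolated($"SELECT * FROM Customers WHERE Name = {name}")
           .Count();

    public static void Main()
    {
        // In-memory SQLite lives only while this connection is open.
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        var options = new DbContextOptionsBuilder<ShopContext>().UseSqlite(conn).Options;
        using var ctx = new ShopContext(options);
        ctx.Database.EnsureCreated();
        ctx.Customers.AddRange(new Customer { Name = "smith" }, new Customer { Name = "jones" });
        ctx.SaveChanges();

        string attacker = "smith' OR '1'='1";   // constructed payload

        Console.WriteLine(CountByNameLinq(ctx, attacker));      // 0: nobody has that literal name
        Console.WriteLine(CountByNameRawConcat(ctx, attacker)); // 2: tautology matched every row
        Console.WriteLine(CountByNameRawParam(ctx, attacker));  // 0: value was a parameter
    }

    // 4. The stored-procedure case from the answer (T-SQL, SQL Server). Calling
    //    the procedure with a parameter does not help when the procedure itself
    //    concatenates that parameter into dynamic SQL:
    //
    //      CREATE PROCEDURE FindCustomer @name nvarchar(100) AS
    //        EXEC('SELECT * FROM Customers WHERE Name = ''' + @name + '''');  -- injectable
    //
    //    Hand the value to sp_executesql as a parameter instead:
    //
    //      CREATE PROCEDURE FindCustomer @name nvarchar(100) AS
    //        EXEC sp_executesql N'SELECT * FROM Customers WHERE Name = @n',
    //                           N'@n nvarchar(100)', @n = @name;              -- parameterized
}
```

The check to make when auditing such a project is therefore mechanical: search for FromSqlRaw, ExecuteSqlRaw, ExecuteQuery, ExecuteCommand and SqlQuery and confirm every string argument is a constant with placeholders rather than a concatenation or interpolation into a plain string, then review any stored procedure that builds SQL with EXEC() or sp_executesql.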