Just want to know from experts that is there any inbuilt security for SQL Injection in Entity Framework or .net MVC?
Thanks
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Just want to know from experts that is there any inbuilt security for SQL Injection in Entity Framework or .net MVC?
Thanks
It is only built in if you use it. Entity Framework provides strongly typed entity classes – if you only use Linq to Entities you will be protected against SQL injection attacks, the same is true though if you use parametrized SQL with SQL server directly.
Having said that, you can still shoot yourself in the foot if you use EF store queries – this can be plain old SQL – so make sure you use
SqlParameterhere.