Possible Duplicate:
Will using LINQ to SQL help prevent SQL injection
I’m using LINQ to access a sql db. Is the following code safe?
var addRec = (from p in db.5544
where p.ID == newAddID
select p).Single();
addRec.Address1 = comAddTxt1.Text; //create address record
addRec.Address2 = comAddTxt2.Text;
addRec.Address3 = comAddTxt3.Text;
addRec.Address4 = comAddTxt4.Text;
addRec.PostCode = pstCdeTxt.Text;
addRec.Town = twnTxt.Text;
addRec.County = cntyTxt.Text;
addRec.Country = cntComBox.SelectedItem.Text;
db.SubmitChanges();
Thanks,
Yes, it is safe from SQL injection attacks.
No, it is potentially unsafe from other forms of attack, ie: Cross Site Scripting, etc, where relevant.