Last post Feb 23, 2013 01:22 PM by Rion Williams
Feb 23, 2013 01:12 PM
I'm converting from a SQL query to an ADO.NET EF LINQ query. I edited the query according to ADO.NET EF LINQ.
My SQL query:
string query = "SELECT * FROM user WHERE UEAddress = '" + userName +
"' AND UPassword = '" + password + "'";
My LINQ query:
var query = from u in db.user
where u.UEAddress == username && u.UPassword == password
select u;
We already know that a parameterized query prevents SQL injection when used with SQL.
But how do I prevent an ADO.NET EF query from SQL injection?
Is an ADO.NET LINQ query enough to prevent SQL injection?
Do I have to change my LINQ query to prevent SQL injection?
Feb 23, 2013 01:20 PM
EF uses parameterized queries as far as I know, so you should be good to go.
Feb 23, 2013 01:22 PM
By default using LINQ to SQL will prevent any SQL Injection as it sends all of the values contained in the query through as parameters automatically. LINQ will substitute all of the values server-side to make them safe and help curb any attempts at SQL Injection.
Check out the following articles, which will shed some light on how this process is performed:
Eliminate SQL Injection Attacks Painlessly with LINQ
Is This LINQ Query Protected Against SQL Injection?
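As an added illustration (not code from this thread or from Entity Framework itself), the following C# shows the concatenated query from the question next to two parameterized forms, plus the one EF entry point where injection can come back: raw SQL built by concatenation. The entity class, the `AppDbContext` context, the `[user]` table name and column types are assumptions for the example.

```csharp
using System;
using System.Data;
using System.Data.Entity;      // assumed: EF 4.1+ DbContext / DbSet
using System.Data.SqlClient;
using System.Linq;

// Hypothetical entity and context, assumed to map to the "user" table in the question.
public class User
{
    public int Id { get; set; }
    public string UEAddress { get; set; }
    public string UPassword { get; set; }
}

public class AppDbContext : DbContext
{
    public DbSet<User> Users { get; set; }
}

public static class LoginQueries
{
    // 1) The vulnerable form from the question: user input is pasted into the SQL text.
    //    A single quote inside userName ends the string literal, and whatever follows
    //    is executed as SQL. This method exists only to show the shape of the problem.
    public static string UnsafeSql(string userName, string password)
    {
        return "SELECT * FROM [user] WHERE UEAddress = '" + userName +
               "' AND UPassword = '" + password + "'";
    }

    // 2) Classic ADO.NET with parameters: the SQL text is constant and the input travels
    //    to the server as typed values, so it can never change the statement.
    public static User FindWithAdoNet(SqlConnection conn, string userName, string password)
    {
        const string sql =
            "SELECT Id, UEAddress, UPassword FROM [user] " +
            "WHERE UEAddress = @addr AND UPassword = @pwd";

        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@addr", SqlDbType.NVarChar, 256).Value = userName;
            cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 256).Value = password;

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;
                return new User
                {
                    Id = reader.GetInt32(0),
                    UEAddress = reader.GetString(1),
                    UPassword = reader.GetString(2)
                };
            }
        }
    }

    // 3) LINQ to Entities: EF translates the expression tree into SQL and emits every
    //    compared value as a parameter. The query from the question is already in this form.
    public static User FindWithLinq(AppDbContext db, string userName, string password)
    {
        return (from u in db.Users
                where u.UEAddress == userName && u.UPassword == password
                select u).FirstOrDefault();
    }

    // 4) Caveat: EF also exposes raw-SQL methods. Concatenating input into the string
    //    passed here reintroduces (1). The {0}/{1} placeholders are bound as parameters
    //    by EF, which keeps the raw-SQL path safe as well.
    public static User FindWithRawSql(AppDbContext db, string userName, string password)
    {
        return db.Database
                 .SqlQuery<User>(
                     "SELECT Id, UEAddress, UPassword FROM [user] " +
                     "WHERE UEAddress = {0} AND UPassword = {1}",
                     userName, password)
                 .FirstOrDefault();
    }
}
```

The practical check is simple: if the SQL text that reaches the provider is a constant and the user input only appears in a parameter collection (or in a LINQ expression that EF parameterizes for you), injection is not possible through that query. The moment input is spliced into the string itself, whether in `SqlCommand`, `SqlQuery<T>`, or `ExecuteSqlCommand`, the protection is gone regardless of which framework is underneath.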