Entity Framework and SQL Injection

EF supports three types of queries: LINQ-to-Entities, Entity SQL, and Native SQL.

LINQ-to-Entities queries are safe. Queries of this type are not composed by string manipulation, which makes them safe against SQL injection attacks.

Entity SQL and Native SQL are susceptible to SQL injection attacks. To safeguard your data, you must use parameterized queries instead of inserting literals from an external source directly into the query text.
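The same lookup written in each of the three query types, as an added example that is not part of the original post. It assumes EF6 with the SQL Server provider; the `ShopContext` and `Customer` types and the `Customers` table name are hypothetical.

```csharp
using System.Collections.Generic;
using System.Data.Entity;                  // EF6 (assumed version)
using System.Data.Entity.Core.Objects;
using System.Data.Entity.Infrastructure;
using System.Data.SqlClient;
using System.Linq;

// Hypothetical model, assumed for this example only.
public class Customer { public int Id { get; set; } public string Name { get; set; } }
public class ShopContext : DbContext { public DbSet<Customer> Customers { get; set; } }

public static class CustomerQueries
{
    // LINQ-to-Entities: the provider sends 'name' as a parameter; no query text is built.
    public static List<Customer> ByNameLinq(ShopContext db, string name) =>
        db.Customers.Where(c => c.Name == name).ToList();

    // Entity SQL, UNSAFE: 'name' is concatenated into the query text.
    public static List<Customer> ByNameEsqlUnsafe(ShopContext db, string name)
    {
        ObjectContext oc = ((IObjectContextAdapter)db).ObjectContext;
        string esql = "SELECT VALUE c FROM ShopContext.Customers AS c WHERE c.Name = '" + name + "'";
        return oc.CreateQuery<Customer>(esql).ToList();
    }

    // Entity SQL, parameterized: constant text, value bound through ObjectParameter.
    public static List<Customer> ByNameEsql(ShopContext db, string name)
    {
        ObjectContext oc = ((IObjectContextAdapter)db).ObjectContext;
        const string esql = "SELECT VALUE c FROM ShopContext.Customers AS c WHERE c.Name = @name";
        return oc.CreateQuery<Customer>(esql, new ObjectParameter("name", name)).ToList();
    }

    // Native SQL, UNSAFE: 'name' is concatenated into the statement.
    public static List<Customer> ByNameSqlUnsafe(ShopContext db, string name) =>
        db.Customers.SqlQuery("SELECT * FROM Customers WHERE Name = '" + name + "'").ToList();

    // Native SQL, parameterized: the value is bound through SqlParameter.
    public static List<Customer> ByNameSql(ShopContext db, string name) =>
        db.Customers.SqlQuery("SELECT * FROM Customers WHERE Name = @name",
                              new SqlParameter("@name", name)).ToList();
}
```

In code review, any Entity SQL or `SqlQuery` call whose string argument is built with `+`, `string.Format` or interpolation is the pattern to flag.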

To learn about all three types of queries, visit here.

Read Microsoft documentation for complete EF security considerations.
