Does LINQ to SQL eliminate the possibility of SQL Injection? (www.thinqlinq.com)

submitted by KodefuGuru (2818) 9 months, 28 days ago

By default, LINQ to SQL uses parameterized queries rather than concatenated strings when executing your LINQ queries. As a result, if a user tries to perform SQL Injection by improperly escaping parts of the SQL, the escape is considered part of the parameter rather than part of the query and thus avoids the injection. However, as we discussed in chapter 8 of LINQ in Action, LINQ to SQL greatly reduces the possibility of SQL Injection, but doesn't completely eliminate it. For example, if you are using ...
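The contrast the summary describes, as an added C# example (not code from the linked article or from the submitter): a LINQ query that the provider parameterizes, raw SQL built by string concatenation, and raw SQL passed through ExecuteQuery with a {0} placeholder, which LINQ to SQL also binds as a parameter. The Customers table, the Customer mapping class, the sample input and the connection string are assumed for illustration.

```csharp
using System;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Linq;

// Hypothetical mapping for this example: a Customers table with Id and Name columns.
[Table(Name = "Customers")]
public class Customer
{
    [Column(IsPrimaryKey = true)] public int Id;
    [Column] public string Name;
}

public static class LookupDemo
{
    // LINQ query: the provider emits "WHERE [t0].[Name] = @p0" and sends the
    // value as a SQL parameter, so a quote in the input is treated as data.
    public static Customer[] ByNameLinq(DataContext db, string name)
    {
        return db.GetTable<Customer>().Where(c => c.Name == name).ToArray();
    }

    // Raw SQL built by concatenation: LINQ to SQL does not inspect this text,
    // so an input such as O'Brien breaks the statement, and the input can
    // change the query. This is the pattern the page warns against.
    public static Customer[] ByNameConcatenated(DataContext db, string name)
    {
        return db.ExecuteQuery<Customer>(
            "SELECT Id, Name FROM Customers WHERE Name = '" + name + "'").ToArray();
    }

    // Raw SQL done safely: ExecuteQuery turns {0} into a SQL parameter (@p0),
    // not a string substitution, so the same input is handled like the LINQ case.
    public static Customer[] ByNameParameterized(DataContext db, string name)
    {
        return db.ExecuteQuery<Customer>(
            "SELECT Id, Name FROM Customers WHERE Name = {0}", name).ToArray();
    }

    public static void Main()
    {
        // Placeholder connection string; no database ships with this example.
        using (var db = new DataContext("<connection string placeholder>"))
        {
            db.Log = Console.Out;            // prints the SQL and parameters actually sent
            const string input = "O'Brien";  // constructed sample input containing a quote
            ByNameLinq(db, input);
            ByNameParameterized(db, input);
        }
    }
}
```

With Log attached, the first and third calls print a statement with an @p0 parameter, which is what makes them safe; the concatenated form prints the quote spliced into the SQL text.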


Comments:

posted by dpeterson (4397) 9 months, 27 days ago

Moral of the story, use parameterized queries no matter what tool you use to access the database. You should never, ever, ever trust user input, and you should definitely not concatenate it with your query strings.
