The SQL it generates uses "parameterized queries", they are not vulnerable to traditional sql injection msdn.microsoft.com/en-us/library/bb38692... Q. How is LINQ to SQL protected from SQL-injection attacks? A.
SQL injection has been a significant risk for traditional SQL queries formed by concatenating user input. LINQ to SQL avoids such injection by using SqlParameter in queries. User input is turned into parameter values.
This approach prevents malicious commands from being used from customer inpu.
Yes, because arguments are passed as parameters to the SQL it generates.
NO . Its the way how you are designing your application , if you use LINQ only with compiled queries then you are safe but if you intend to build adhoc queires based on varying criterias, then you are susceptible to SQL Injection specially when you execute adhoc queires on your datacontext.
– frenchie Mar 28 at 5:15 @frenchie: that you built by concatenating sql strings in your code like string query = "select * from Employee Where empID = " + txtEmpID. Text ; – Furqan Mar 28 at 5:21.
Yes, because arguments are passed as parameters to the SQL it generates. YES , Fully? Its the way how you are designing your application , if you use LINQ only with compiled queries then you are safe but if you intend to build adhoc queires based on varying criterias, then you are susceptible to SQL Injection specially when you execute adhoc queires on your datacontext.
Terms of service. Not the answer you're looking for?
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.