如何避免使用LINQ SQL注入与EF在codefirst技术在C＃ [英] how to avoid SQL Injection with Linq with EF in codefirst technique in c#

问题描述

我使用asp.net MVC 3与EF 4.1与SQL Azure的WCF。我建立了搜索引擎对我的申请。并使用动态的LINQ构建查询。我想避免这种情况的SQL injetion。什么是相同的最佳做法？什么是precaoution我应该在这种情况下？

I am using asp.net mvc 3 with WCF with EF 4.1 With Sql Azure. I am building the search engine for my application. and using the dynamic Linq to build queries. I want to avoid the sql injetion in this scenario. what is the best practice for the same ? what are the precaoution i should take in this scenario ?

推荐答案

只要你正在建立通过LINQ查询，那么你是不是容易受到SQL注入。虽然这并不意味着你的code是无懈可击对各种攻击（暴力破解密码等），你不会受到SQL注入攻击。

As long as your are building your queries through LINQ, then you are not vulnerable to SQL injection. While this doesn't mean that your code is invulnerable to ALL sorts of attacks (brute forcing passwords, etc.), you won't be vulnerable to SQL injection.

这篇关于如何避免使用LINQ SQL注入与EF在codefirst技术在C＃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！