Eric

Reputation: 23

SQL injection concerns

OK, I use this route:

routes.MapRoute(
    "Catalog/Data",
    "Catalog/{*data}",   // {*data} is a catch-all: the rest of the path lands in "data"
    new { controller = "Catalog", action = "Category", data = "" }
);

The URL looks something like http://localhost/Catalog/Computer/Harddrives/internal

Data being the Computer/Harddrives/internal part.

I split it apart and validate the route. Here is where my concerns are: atm I do not check for SQL injection.

I check the route by getting the category from the database using Entity Framework with this function:

public Category GetByRoute(string Route)
{
    // Look up the enabled category whose Route column matches the URL path.
    // The Route string is handed to the query as a value, not spliced into SQL text.
    return (from c in XEntity.CategorySet
                .Where(c => c.Route == Route)
                .Where(c => c.IsEnabled == true)
            select c).FirstOrDefault();
}

Should I be worried about SQL injection with this?

Upvotes: 1

Views: 221

Answers (1)

blowdart

Reputation: 56500

Linq2Sql and the Entity Framework use SQL parameters (except for one edge case) so you'll be fine.

In your case you're actually using Linq over the CategorySet, and linq is executed locally in this case, so it's CategorySet that's touching the database; the where constraints run after (I believe). Again, in this case there's no problem.

Upvotes: 7
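As an added illustration (not code from the question or the answer), this Python/sqlite3 snippet shows the mechanism the answer relies on: a parameterised query keeps the route text as data, while splicing the same text into the SQL lets a stray quote in the URL alter the statement itself. The table, rows and route values are constructed stand-ins for the poster's CategorySet.

```python
import sqlite3

# Constructed sample rows standing in for the Category table (Route, IsEnabled).
CATEGORIES = [
    ("Computer/Harddrives/internal", 1),
    ("Computer/Harddrives/external", 1),
    ("Computer/Legacy", 0),
]


def make_db():
    """In-memory SQLite stand-in for the database behind CategorySet."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Category (Route TEXT, IsEnabled INTEGER)")
    conn.executemany("INSERT INTO Category VALUES (?, ?)", CATEGORIES)
    return conn


def get_by_route_concat(conn, route):
    # Unsafe form: the route text becomes part of the SQL statement,
    # so a quote character in the URL changes the statement's structure.
    sql = ("SELECT Route FROM Category WHERE Route = '" + route
           + "' AND IsEnabled = 1")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def get_by_route_param(conn, route):
    # Parameterised form (the shape an ORM emits for the Where clause): the value
    # travels separately from the statement text and is only ever compared as data.
    row = conn.execute(
        "SELECT Route FROM Category WHERE Route = ? AND IsEnabled = 1",
        (route,),
    ).fetchone()
    return row[0] if row else None


def compare(route):
    """Run both lookups on one route; report a broken statement as 'SQL ERROR'."""
    conn = make_db()
    try:
        concat = get_by_route_concat(conn, route)
    except sqlite3.OperationalError:
        concat = "SQL ERROR"
    return {"concat": concat, "param": get_by_route_param(conn, route)}


if __name__ == "__main__":
    for r in ("Computer/Harddrives/internal", "Computer/Legacy", "Computer/O'Brien"):
        print(r, "->", compare(r))
```

The disabled "Computer/Legacy" row is filtered out by both forms, matching the IsEnabled check in the question; only the concatenated form breaks on the quoted route.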
