Ankush

Reputation: 11

Entity Framework - passing null value as parameter

I am using Contrast Security (a third-party tool that flags SQL injection and other vulnerabilities) together with Entity Framework; my code looks like this:

public int Insert(UserAddress userAddress)
{
    _context.Entry(userAddress).State = EntityState.Added;
    _context.SaveChanges();
    return userAddress.Id;
}

When SaveChanges() gets executed, an insert query is generated like this:

INSERT [dbo].[Address] ([UserId], [Name], [Address1], [Address2],
                        [City], [State], [PostalCode], 
                        [Location], [LocationTypeId],
                        [BusinessName], [DeliveryInstructions],
                        [IsDefault], [SortOrder])
VALUES ('111111a1-22z2-33x3-44y4-fbad42c09c3a', @2, 'address1', null,
        'Alpharetta', 'GA', 30005,
        'POINT (-80.2427068 30.0925161)', 0,
        '', '',
        1, 0)

Now, according to Contrast Security, passing "null" in a query is not ethical; it's bad practice, but I want to allow null values!

Can I pass null values using SQL parameters to the SaveChanges() method?

Is there any way to handle this? Does anyone have any idea?

Upvotes: 1

Views: 472

Answers (1)

Lev D

Reputation: 31

I'm one of the developers of the Contrast Security .NET agent. It does sound like a false positive with our product. There should not be any problems with using nulls in insert statements.

Could you please submit a support request and include your finding trace XML? We'll be happy to take a look and fix this issue on our end.

Upvotes: 1
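For readers who want to see what "passing a null through a SQL parameter" looks like outside Entity Framework, here is an added ADO.NET example (it is not code from the question, the answer, or Contrast Security). It inserts into the same [dbo].[Address] columns that appear in the generated INSERT above, binding every value, including the nullable Address2, as a parameter rather than an inline literal. The connection string and the InsertAddressNullable helper are assumptions for illustration; only the four columns used are taken from the page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example (not from the original post): a parameterized INSERT in which a
// nullable column is bound through a SqlParameter. The column names come from the
// generated INSERT in the question; the helper name and connection string are assumptions.
public static class AddressInsertExample
{
    public static int InsertAddressNullable(string connectionString, Guid userId,
                                            string name, string address1, string address2)
    {
        const string sql =
            "INSERT [dbo].[Address] ([UserId], [Name], [Address1], [Address2]) " +
            "VALUES (@UserId, @Name, @Address1, @Address2);";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameters: the values never become part of the SQL text,
            // so user-supplied strings cannot alter the statement.
            cmd.Parameters.Add("@UserId", SqlDbType.UniqueIdentifier).Value = userId;
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
            cmd.Parameters.Add("@Address1", SqlDbType.NVarChar, 200).Value = address1;

            // A C# null cannot be assigned to a parameter directly; DBNull.Value is
            // what SQL Server receives as a NULL in the Address2 column.
            cmd.Parameters.Add("@Address2", SqlDbType.NVarChar, 200).Value =
                (object)address2 ?? DBNull.Value;

            conn.Open();
            // Returns the number of rows inserted (1 on success).
            return cmd.ExecuteNonQuery();
        }
    }
}
```

Two points worth keeping in mind when reading the finding from the question. First, the literal `null` in the generated statement is the SQL keyword emitted by Entity Framework for an entity property that is null; it is not a user-controlled string, so it gives an attacker nothing to inject through. Second, if a scanner insists on every value being bound, the pattern above (`DBNull.Value` on a typed `SqlParameter`) is how a NULL travels as a parameter in ADO.NET, which is what the question was asking about.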
