I'm executing some SQL using EF with the .SqlQuery(string sql) command.
I want to make sure my SQL string is completely sanitised, so the logical approach was to use an SqlCommand object with parameters to build it.
However, I don't want to execute it using the SqlCommand; I just want the SqlCommand to spit out a string that I can plug into my EF .SqlQuery(...) call.
Is there a way of doing this, or another method of ensuring my .SqlQuery won't result in injection?
Doesn't EF support that out of the box?
You should be able to call SqlQuery with parameters, so it will take care of SQL injection etc., just like SqlCommand does:
var tests = context.Database.SqlQuery<Test>(
@"SELECT Id, Name FROM tests where Name={0}", "TestName");
or..
var tests = context.Database.SqlQuery<Test>(
@"SELECT Id, Name FROM tests where Name=@name",
new SqlParameter("@name", "TestName"));
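As an added illustration (not part of the original answer), the following C# shows the string-concatenation form that the question is trying to avoid next to the parameterised form the answer recommends, plus the one case parameters cannot cover. It assumes an EF6 DbContext named TestContext with a Test entity mapped to the tests table, and a column allow-list named SortableColumns; those names are illustrative, not from the page.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Entity;      // EF6, which exposes Database.SqlQuery<T>
using System.Data.SqlClient;
using System.Linq;

public class Test
{
    public int Id { get; set; }
    public string Name { get; set; }
}

// Assumed context for the example; the page does not show one.
public class TestContext : DbContext
{
    public DbSet<Test> Tests { get; set; }
}

public static class TestQueries
{
    // VULNERABLE: the caller's value is spliced into the SQL text.
    // An input such as   ' OR 1=1 --   turns the WHERE clause into
    // Name='' OR 1=1 --'   and returns every row in the table.
    public static List<Test> FindByNameUnsafe(TestContext db, string name)
    {
        string sql = "SELECT Id, Name FROM tests WHERE Name='" + name + "'";
        return db.Database.SqlQuery<Test>(sql).ToList();
    }

    // SAFE: the value travels to SQL Server as a SqlParameter, so the
    // same input is compared literally against Name and the statement
    // shape cannot change. This is what the answer above recommends.
    public static List<Test> FindByNameSafe(TestContext db, string name)
    {
        return db.Database.SqlQuery<Test>(
            "SELECT Id, Name FROM tests WHERE Name=@name",
            new SqlParameter("@name", name)).ToList();
    }

    // Caveat: identifiers (table and column names, ORDER BY targets)
    // cannot be passed as parameters. Validate them against a fixed
    // allow-list before they reach the SQL text; never concatenate
    // them straight from user input.
    private static readonly HashSet<string> SortableColumns =
        new HashSet<string>(StringComparer.Ordinal) { "Id", "Name" };

    public static List<Test> FindByNameSorted(TestContext db, string name, string orderBy)
    {
        if (!SortableColumns.Contains(orderBy))
            throw new ArgumentException("Unknown sort column", nameof(orderBy));

        // orderBy is now one of our own literals, so concatenating it is safe;
        // the user-supplied name still goes through a parameter.
        string sql = "SELECT Id, Name FROM tests WHERE Name=@name ORDER BY " + orderBy;
        return db.Database.SqlQuery<Test>(sql, new SqlParameter("@name", name)).ToList();
    }
}
```

Create a fresh SqlParameter per call rather than reusing one instance across queries, since a parameter object is bound to the command that executes it. The {0} placeholder form shown in the answer is equivalent: EF6 turns each positional value into a DbParameter rather than formatting it into the string.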