Will using LINQ to SQL help prevent SQL injection

Yes, LINQ will help stop SQL injection.

LINQ to SQL passes all data to the
database via SQL parameters. So,
although the SQL query is composed
dynamically, the values are substitued
server side through parameters
safeguarding against the most common
cause of SQL injection attacks.

Also, see Eliminate SQL Injection Attacks Painlessly with LINQ for some info.

More Related Contents:

How to make LINQ execute a (SQL) LIKE range search
LINQ to SQL Where Clause Optional Criteria
Returning IEnumerable vs. IQueryable
Is there a good LINQ way to do a cartesian product?
How can I conditionally apply a Linq operator?
LINQ to SQL – Left Outer Join with multiple join conditions
Understanding .AsEnumerable() in LINQ to SQL
TransactionScope vs Transaction in LINQ to SQL
How to return anonymous type from c# method that uses LINQ to SQL [duplicate]
How to write Asynchronous LINQ query?
Convert Linq Query Result to Dictionary
Am I misunderstanding LINQ to SQL .AsEnumerable()?
How do you perform a CROSS JOIN with LINQ to SQL?
LINQ Where Ignore Accentuation and Case
Linq query with nullable sum
Cannot convert lambda expression to type ‘string’ because it is not a delegate type [duplicate]
Find all child controls of specific type using Enumerable.OfType() or LINQ
Custom Method in LINQ to SQL query
LINQ to SQL using GROUP BY and COUNT(DISTINCT)
Max or Default?
The data source does not support server-side data paging
How do I do a left outer join with Dynamic Linq?
Last and LastOrDefault not supported
Linq “Could not translate expression… into SQL and could not treat it as a local expression.”
Select multiple fields group by and sum
How to convert DataTable to class Object?
Accessing System Databases/Tables using LINQ to SQL?
Linq where column == (null reference) not the same as column == null
If Else in LINQ
C# Linq to SQL: How to express “CONVERT([…] AS INT)”?

More Related Contents:

Leave a Comment Cancel reply