From the course: ASP.NET: Security

SQL injection with Entity Framework

- [Instructor] Many applications these days do not use SQL at all. This sounds a bit weird, and of course they are using SQL in the background, but from an API perspective, the application uses something else. It's using an OR mapper, an object relational mapper like Entity Framework, which is the approach that Microsoft suggests, which is kind of obvious since it comes from Microsoft. Entity Framework provides us with an API. We have a data model. Then we work with that model, we have methods, we have properties, we have a strongly-typed interface for our database, and Entity Framework is responsible for turning our API calls into proper SQL statements. Since we now have this distinction between commands and data, we should be safe from SQL injection, aren't we? Well, we are, unless we're using some very rarely used APIs. There are ways of executing raw SQL with Entity Framework, depending on the Entity Framework version you're using. If you have a DbSet, there's the SqlQuery method,…
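The distinction described above, as an added example that is not part of the course material: the same lookup written as a LINQ query, as raw SQL built by concatenation, and as raw SQL with a parameter. It assumes Entity Framework 6 on SQL Server; `ShopContext`, `Product`, and the `Products` table are hypothetical names.

```csharp
// Added example, not from the course. Assumes Entity Framework 6 (EntityFramework
// NuGet package) on SQL Server; ShopContext, Product and Products are hypothetical.
using System.Collections.Generic;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Linq;

public class Product
{
    public int Id { get; set; }
    public string Name { get; set; }
}

public class ShopContext : DbContext
{
    public DbSet<Product> Products { get; set; }
}

public static class ProductQueries
{
    // Strongly typed LINQ: EF generates the SQL and sends `name` as a parameter.
    public static List<Product> ByNameLinq(ShopContext db, string name)
    {
        return db.Products.Where(p => p.Name == name).ToList();
    }

    // Vulnerable: raw SQL built by concatenation. A value such as O'Reilly
    // (constructed sample) ends the string literal early, so input becomes SQL text.
    public static List<Product> ByNameRawUnsafe(ShopContext db, string name)
    {
        string sql = "SELECT * FROM Products WHERE Name = '" + name + "'";
        return db.Products.SqlQuery(sql).ToList();
    }

    // Hardened: same raw SQL API, but the value travels as a SqlParameter,
    // so the statement text stays constant whatever the input contains.
    public static List<Product> ByNameRawSafe(ShopContext db, string name)
    {
        const string sql = "SELECT * FROM Products WHERE Name = @name";
        return db.Products.SqlQuery(sql, new SqlParameter("@name", name)).ToList();
    }
}
```

In code review, any `SqlQuery` call whose first argument is not a constant string is the pattern to flag.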
