2

What do I need to add, if I need to at all, to avoid sql injections?

public static Login GetLoginByName(string name)
{
    var context=new telephonyEntities1();

    Login t = (from l in context.Logins
               where l.login1==name
               select l).FirstOrDefault();
    return t;
}
Improve this question

1 Answer 1

Reset to default
6

Linq-to-sql uses SqlParameter to generate SQL queries, so no you do not need to do anything extra.

From Frequently Asked Questions (LINQ to SQL)

Q. How is LINQ to SQL protected from SQL-injection attacks?

A. SQL injection has been a significant risk for traditional SQL queries formed by concatenating user input. LINQ to SQL avoids such injection by using SqlParameter in queries. User input is turned into parameter values. This approach prevents malicious commands from being used from customer input.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.