Is LINQ for NHibernate susceptible to SQL injection and other security threats affecting raw SQL?

I did a search on the Internet, but I could not find reliable answers. Is LINQ for NHibernate susceptible to SQL injection and other raw SQL attacks? If so, what code illustrates how to avoid such database attacks?

+4
1 answer

No.

SQL injection usually works using string formatting. The arguments used in LINQ expressions are safe. The provider will handle SQL generation in such a way that fuzzy SQL in the arguments will not be executed, and the arguments will be limited to existing ones, as they are defined.

In addition, under the hood, it uses parameterized SQL queries that are immune to injection attacks.

+7
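
The contrast the answer describes, as an added example that is not part of the original answer: the same lookup written with the LINQ provider, with string-formatted HQL (the injectable pattern), and with bound parameters in HQL and native SQL. The `User` entity, the `UserQueries` class and the `Users` table name are hypothetical, and an open `ISession` with a mapping for `User` is assumed.

```csharp
using System.Collections.Generic;
using System.Linq;
using NHibernate;
using NHibernate.Linq; // Query<T>() extension on NHibernate 3.x/4.x

// Hypothetical mapped entity; its mapping is assumed to exist elsewhere.
public class User
{
    public virtual int Id { get; set; }
    public virtual string Name { get; set; }
}

public static class UserQueries
{
    // LINQ provider: 'name' is sent as a bound parameter, so quotes or SQL
    // keywords in it are compared literally and never parsed as SQL.
    public static IList<User> ByNameLinq(ISession session, string name)
    {
        return session.Query<User>()
                      .Where(u => u.Name == name)
                      .ToList();
    }

    // Unsafe: string formatting puts the input into the HQL text itself.
    public static IList<User> ByNameConcatenated(ISession session, string name)
    {
        return session.CreateQuery("from User u where u.Name = '" + name + "'")
                      .List<User>();
    }

    // Safe HQL: the query text is constant and the value is bound by name.
    public static IList<User> ByNameHql(ISession session, string name)
    {
        return session.CreateQuery("from User u where u.Name = :name")
                      .SetParameter("name", name)
                      .List<User>();
    }

    // Safe native SQL: same rule, bind the value instead of concatenating.
    public static IList<User> ByNameSql(ISession session, string name)
    {
        return session.CreateSQLQuery("select * from Users where Name = :name")
                      .AddEntity(typeof(User))
                      .SetParameter("name", name)
                      .List<User>();
    }
}
```

Enabling NHibernate's `show_sql` setting logs the generated statements, which lets you confirm that the LINQ and `SetParameter` variants send a placeholder plus a separate parameter value rather than the input inlined in the SQL text.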

Source: https://habr.com/ru/post/1398951/

