Yin
SQL Command Injection
Nov 14 2012 1:09 AM
Is there a way to inject a SQL command in a LINQ connection when he's not using the typical:
string sqlstr = "SELECT * FROM TABLE WHERE COLUMN = '" + PARAMETER + "' ";
List<Table> tbl = context.ExecuteQuery<Table>(sqlstr).ToList();
We all know that by doing it this way, you can easily inject a SQL command. But how about in this:
var sqlstr = (from tbl in context.Table
              where tbl.column == parameter
              select new { tbl.column }).ToList();
QUESTION: What would be the input in parameter in order for you to inject a SQL command?
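
Added example, not part of the original post: LINQ to SQL sends the value compared in a `where` clause to the server as a SQL parameter, and `DataContext.GetCommand` shows the command text and parameters it builds without running the query. The `Item` mapping, the `Items`/`Name` names and the connection string are assumptions standing in for the post's `Table` and `column`, and a reachable SQL Server database is assumed.

```csharp
using System;
using System.Data.Common;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Linq;

// Hypothetical mapping standing in for the post's "Table" and "column".
[Table(Name = "Items")]
public class Item
{
    [Column(IsPrimaryKey = true)] public int Id;
    [Column] public string Name;
}

public static class LinqParameterDemo
{
    public static void Main()
    {
        // Placeholder: supply a real connection string for your environment.
        using (var context = new DataContext("<connection string>"))
        {
            // Constructed input containing a quote and SQL keywords.
            string parameter = "x' OR '1'='1";

            // Same shape as the LINQ query in the post.
            var query = from tbl in context.GetTable<Item>()
                        where tbl.Name == parameter
                        select new { tbl.Name };

            // Inspect what LINQ to SQL would send: the text holds a
            // parameter marker, and the input travels separately as data.
            DbCommand cmd = context.GetCommand(query);
            Console.WriteLine(cmd.CommandText);
            foreach (DbParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);

            // ExecuteQuery can be used safely too: {0} placeholders are
            // converted to SQL parameters instead of being concatenated.
            var rows = context.ExecuteQuery<Item>(
                "SELECT * FROM Items WHERE Name = {0}", parameter).ToList();
            Console.WriteLine("Rows matched: {0}", rows.Count);
        }
    }
}
```

Because the input is bound as a parameter value in both calls, it is compared literally against the column and never parsed as SQL.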