asp.net - Control SQL injection in MVC

Question

Ask a Question

Welcome To Ask or Share your Answers For Others

asp.net - Control SQL injection in MVC

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

It's my first time developing using MVC and I want to make it secure.

When I use HtmlEncode it converts the String to the equivalent HTML String.

The user can enter in the search for example ali' or ali-- and they exist in my database. How to control my search and login from SQL injection please?

Also any tutorial or best practice to prevent script injection?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

403 views

1 Answer

深蓝 · Answer 1 · 2021-10-23T17:47:36+0000

LINQ and Entity Framework already check for SQL Injection for you.

But you should read the documentation anyhow:

LINQ MSDN Link (section SQL-Injection Attacks)

Entity Framework MSDN Link (section Security Considerations for Queries)

Hope it helps!

Categories

asp.net - Control SQL injection in MVC

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags