4

I did web searches but I could not find solid answers. Is LINQ to NHibernate susceptible to SQL injection and other raw SQL attacks? If yes, what are some code examples illustrating how to avoid such database attacks?

Phil

1 Answer

7

No.

SQL injection usually works by taking advantage of string formatting. The arguments used in LINQ expressions are safe. The provider will handle the generation of the SQL in such a way that nefarious SQL in the arguments will not be executed, and arguments will be constrained to existing as they are defined.

Furthermore, under the hood it uses parameterized SQL queries, which are immune to injection attacks.

Joshua Enfield