https://stackoverflow.com/questions/18939775
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianYes it can, sql injection occurs when there is any type of string concatenation, if the stored procedure does string concatenation to execute a command inside, you would still be vulnerable
SQL injection with Entity Framework
-
29-06-2022 - |
Question
I am using Entity Framework 4.1 and use the following code for calling a stored procedure. Please advice me, whether this code can be attacked via SQL injection.
DbContext.Database.SqlQuery<TElement>("Name Of SP", params object[] parameters).
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
