It's my first time developing using MVC and I want to make it secure.
When I use HtmlEncode it converts the String to the equivalent HTML String.
The user c
LINQ and Entity Framework already check for SQL Injection for you.
But you should read the documentation anyhow:
LINQ MSDN Link (section SQL-Injection Attacks)
Entity Framework MSDN Link (section Security Considerations for Queries)
Hope it helps!