Linq to SQL and SQL Injection

Submitted by a 夏天 on 2019-12-12 18:16:26

Question


What do I need to add, if I need to at all, to avoid SQL injections?

public static Login GetLoginByName(string name)
{
    var context=new telephonyEntities1();

    Login t = (from l in context.Logins
               where l.login1==name
               select l).FirstOrDefault();
    return t;
}

Answer 1:


Linq-to-sql uses SqlParameter to generate SQL queries, so no, you do not need to do anything extra.

From Frequently Asked Questions (LINQ to SQL)

Q. How is LINQ to SQL protected from SQL-injection attacks?

A. SQL injection has been a significant risk for traditional SQL queries formed by concatenating user input. LINQ to SQL avoids such injection by using SqlParameter in queries. User input is turned into parameter values. This approach prevents malicious commands from being used from customer input.
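
What "user input is turned into parameter values" means at the ADO.NET level, as an added example that is not part of the original question or answer. The table name `[Logins]`, the `@p0` parameter name and the statement text are assumptions that approximate what LINQ to SQL emits for `where l.login1 == name`; the commands are only built and inspected, never executed, so no database is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo
{
    // Anti-pattern: caller-supplied text becomes part of the SQL statement itself.
    public static SqlCommand BuildConcatenated(string name)
    {
        return new SqlCommand(
            "SELECT TOP (1) * FROM [Logins] WHERE [login1] = '" + name + "'");
    }

    // Approximate shape of what LINQ to SQL sends for `where l.login1 == name`:
    // fixed statement text plus a SqlParameter that carries the value.
    // (Assumed table name and parameter name; see the lead-in.)
    public static SqlCommand BuildParameterized(string name)
    {
        var cmd = new SqlCommand(
            "SELECT TOP (1) * FROM [Logins] AS [t0] WHERE [t0].[login1] = @p0");
        cmd.Parameters.Add("@p0", SqlDbType.NVarChar, 4000).Value = name;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input containing a quote character.
        string name = "x' OR '1'='1";

        SqlCommand concatenated = BuildConcatenated(name);
        Console.WriteLine("Concatenated text : " + concatenated.CommandText);
        Console.WriteLine("Parameter count   : " + concatenated.Parameters.Count);

        SqlCommand parameterized = BuildParameterized(name);
        Console.WriteLine("Parameterized text: " + parameterized.CommandText);
        foreach (SqlParameter p in parameterized.Parameters)
            Console.WriteLine("  " + p.ParameterName + " = [" + p.Value + "]");

        // The statement text does not depend on the input, so the input
        // cannot alter the structure of the query.
        bool sameText = parameterized.CommandText
                        == BuildParameterized("alice").CommandText;
        Console.WriteLine("Text identical for different inputs: " + sameText);
    }
}
```

The protection applies to queries expressed as LINQ expressions; SQL text assembled by string concatenation and passed to `DataContext.ExecuteQuery` or `ExecuteCommand` is not parameterized unless the values are supplied through the `{0}` placeholders.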



Source: https://stackoverflow.com/questions/5893743/linq-to-sql-and-sql-injection
