addRec

addRec

关注
发信
关注(28)粉丝(399)

c# - LINQ和SQL注入(inject)

Possible Duplicate:
Will using LINQ to SQL help prevent SQL injection




我正在使用LINQ访问SQL数据库。以下代码安全吗?

 var addRec = (from p in db.5544
                          where p.ID == newAddID
                          select p).Single();

            addRec.Address1 = comAddTxt1.Text;                                                                             //create address record
            addRec.Address2 = comAddTxt2.Text;
            addRec.Address3 = comAddTxt3.Text;
            addRec.Address4 = comAddTxt4.Text;
            addRec.PostCode = pstCdeTxt.Text;
            addRec.Town = twnTxt.Text;
            addRec.County = cntyTxt.Text;
            addRec.Country = cntComBox.SelectedItem.Text;

            db.SubmitChanges();


谢谢,

最佳答案

是的,它可以防止SQL注入攻击。

不,从其他形式的攻击中可能是不安全的,例如:跨站点脚本等,如果相关的话。

关于c# - LINQ和SQL注入(inject),我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/11518222/

10-15 06:47
Powered by LMLPHP ©2024 addRec 0.041582