Avoiding SQL Injection in Entity Framework Core (While using inline queries)

Published: 11 October 2020
on channel: DotNet Core Central
7,833
84

I did a couple of videos in past regarding Entity Framework Core. But during those videos, I did not cover the aspects of SQL Injections and how it comes to play with Entity Framework Core. In this video, I will be walking through how to valid potential SQL Injection pitfalls.

What is SQL Injection? SQL injection is a way to inject vulnerable SQL code through a loophole exposed by the code to make unwanted changes to the database. For example, if we use inline queries and expect a name to be passed as a parameter, but we use string interpolation, there is a possibility of a user passing queries as a part of the name to destroy the database.

Entity Framework Core makes it really easy to avoid SQL Injection, using a couple of ways. And in this video, I will go through both these ways of using Entity Framework Core to avoid SQL injection.

My previous videos for Entity Framework Core are here:
   • Entity Framework Core (CRUD Operation in ....  
   • Entity Framework Core (In-Line Query, Stor...  
   • Entity Framework Core (Inline Query for In...  

Source code for this video session is available in my GitHub repo: https://github.com/choudhurynirjhar/E...


On this page of the site you can watch the video online Avoiding SQL Injection in Entity Framework Core (While using inline queries) with a duration of hours minute second in good quality, which was uploaded by the user DotNet Core Central 11 October 2020, share the link with friends and acquaintances, this video has already been watched 7,833 times on youtube and it was liked by 84 viewers. Enjoy your viewing!