Is ExecuteSqlRawAsync method with parameterized query in ASP.NET Core a proper way of preventing SQL Injection attacks


This is a parametrized query:

string sqlQuery = @"UPDATE MyTable SET MyTableItemName = @newName WHERE MyTableItemId = @id;";
await _context.Database.ExecuteSqlRawAsync(
    sqlQuery,
    new SqlParameter("@newName", "Test name"),
    new SqlParameter("@id", 1)
);

If the parameters come from the client side, would this query prevent SQL Injection attacks?
If not, what would be an alternative besides using LINQ queries?
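
The following is an added example, not part of the original question. It contrasts the parameterized call from the question with the interpolated-string API and with the string-building pattern that defeats both. It assumes EF Core 3.0 or later with the SQL Server provider (Microsoft.Data.SqlClient); the class and method names are hypothetical, and MyTable and its columns are taken from the question.

```csharp
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;
using Microsoft.EntityFrameworkCore;

// Hypothetical helper class for illustration only.
public static class MyTableCommands
{
    // Parameterized: the SQL text is a constant and the client-supplied values
    // are sent to the server as DbParameters, so they are never parsed as SQL.
    public static Task<int> RenameWithParametersAsync(DbContext context, int id, string newName)
    {
        const string sql =
            "UPDATE MyTable SET MyTableItemName = @newName WHERE MyTableItemId = @id;";
        return context.Database.ExecuteSqlRawAsync(
            sql,
            new SqlParameter("@newName", newName),
            new SqlParameter("@id", id));
    }

    // Also parameterized: ExecuteSqlInterpolatedAsync receives a FormattableString,
    // and EF Core turns each {placeholder} into a DbParameter before sending the command.
    public static Task<int> RenameInterpolatedAsync(DbContext context, int id, string newName)
    {
        return context.Database.ExecuteSqlInterpolatedAsync(
            $"UPDATE MyTable SET MyTableItemName = {newName} WHERE MyTableItemId = {id};");
    }

    // NOT parameterized: the interpolation happens in C# first, so the Raw method
    // only ever sees one finished string with the client value embedded in the SQL text.
    // Shown as the pattern to avoid and to look for in code review.
    public static Task<int> RenameConcatenatedAsync(DbContext context, int id, string newName)
    {
        string sql =
            $"UPDATE MyTable SET MyTableItemName = '{newName}' WHERE MyTableItemId = {id};";
        return context.Database.ExecuteSqlRawAsync(sql);
    }
}
```

Parameters can only carry values: table names, column names and other identifiers cannot be passed this way, so if they depend on client input they have to be checked against a fixed allow-list before being placed in the SQL text.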
