ASP.NET Monsters #105: SQL Injection attacks in Entity Framework Core 2.0


Entity Framework Core 2 was released recently. In today's episode we explore a new feature that automatically parameterizes SQL queries when the FromSql method is used with an interpolated string. Monster Dave shows us exactly why parameterized queries are so important when querying with raw SQL.
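
The mechanism behind this feature, as an added C# example (not code from the episode or from EF Core itself): `Parameterize` is a hypothetical stand-in for an API that accepts a `FormattableString`, and the `Posts` table and the `author` value are constructed. It shows that an interpolated string passed directly keeps its values separate from the SQL text, while one assigned to a `var` first is already a plain `string`.

```csharp
using System;
using System.Linq;

static class FromSqlDemo
{
    // Hypothetical stand-in for a FormattableString-aware query API:
    // it keeps the SQL text and the values apart.
    static (string Sql, object[] Parameters) Parameterize(FormattableString query)
    {
        // query.Format still contains "{0}", "{1}", ... rather than the values,
        // so placeholder names can be substituted where the values would go.
        var names = Enumerable.Range(0, query.ArgumentCount)
                              .Select(i => (object)$"@p{i}")
                              .ToArray();
        return (string.Format(query.Format, names), query.GetArguments());
    }

    static void Main()
    {
        // Constructed sample input: an ordinary name containing a quote character.
        string author = "O'Brien";

        // 1. Interpolated string passed directly to a FormattableString parameter:
        //    the compiler hands over the format and the arguments separately.
        var (sql, args) = Parameterize($"SELECT * FROM Posts WHERE Author = {author}");
        Console.WriteLine(sql);      // SQL text with a placeholder name in it
        Console.WriteLine(args[0]);  // the value, travelling as data

        // 2. Interpolated string stored in a variable first: 'var' infers string,
        //    so the value is merged into the SQL text before any API sees it.
        var merged = $"SELECT * FROM Posts WHERE Author = '{author}'";
        Console.WriteLine(merged);   // the quote inside the name now ends the SQL literal early
    }
}
```

A method that receives the second form sees only finished SQL text, so there is nothing left for it to parameterize.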

Episode Sponsor:
AppVeyor - Continuous Delivery Services for Windows Developers


Related Links:
EF Core Injection Samples by Nick Craver
FormattableString - MSDN

