ASP.NET Monsters #105: SQL Injection attacks in Entity Framework Core 2.0


Description

Entity Framework Core 2 was released recently. In today's episode we explore a new feature which automatically parameterizes SQL queries when the FromSql method is used with an interpolated string. Monster Dave shows us exactly why parameterized queries are so important when querying using raw SQL.
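The mechanism behind the feature, as an added sketch that is not code from the episode or from EF Core: a method that accepts a `FormattableString` receives the SQL template and the interpolated values separately, so it can bind the values as parameters. `Parameterize`, the `Blogs` table and the `@p0` naming are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

static class InterpolatedSqlSketch
{
    // Hypothetical helper (not EF Core's implementation): turns an interpolated
    // string into SQL text with placeholders plus a separate parameter set.
    public static (string Sql, Dictionary<string, object> Parameters) Parameterize(FormattableString query)
    {
        var parameters = new Dictionary<string, object>();
        var names = new object[query.ArgumentCount];
        for (int i = 0; i < query.ArgumentCount; i++)
        {
            names[i] = "@p" + i;                        // placeholder goes into the SQL text
            parameters["@p" + i] = query.GetArgument(i); // value travels out of band
        }
        // query.Format is the template, e.g. "... WHERE Name = {0}"
        return (string.Format(query.Format, names), parameters);
    }

    static void Main()
    {
        // Constructed sample of untrusted input containing SQL syntax.
        string input = "x' OR '1'='1";

        // Concatenation: the input is spliced into the SQL text itself,
        // so its quote characters change the structure of the statement.
        string concatenated = "SELECT * FROM Blogs WHERE Name = '" + input + "'";
        Console.WriteLine("Concatenated:  " + concatenated);

        // Interpolated string passed directly to a FormattableString parameter:
        // the compiler hands over the template and the argument separately.
        var (sql, parameters) = Parameterize($"SELECT * FROM Blogs WHERE Name = {input}");
        Console.WriteLine("Parameterized: " + sql);
        foreach (var p in parameters)
            Console.WriteLine("  " + p.Key + " = " + p.Value);

        // Caveat: storing the interpolated string in a string variable first
        // formats it immediately. The result is an ordinary string with the
        // input already embedded, and the template/argument split is lost.
        string alreadyFormatted = $"SELECT * FROM Blogs WHERE Name = '{input}'";
        Console.WriteLine("Pre-formatted: " + alreadyFormatted);
    }
}
```

When reviewing code that calls FromSql, check that the interpolated string is written inline at the call site rather than built up in a `string` or `var` beforehand.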


Related Links:
EF Core Injection Samples by Nick Craver
FormattableString - MSDN

 
