This is a migrated thread and some comments may be shown as answers.

SQL Injection

1 Answer 128 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
This question is locked. New answers and comments are not allowed.
Robert
Top achievements
Rank 2
Robert asked on 26 Feb 2009, 04:39 PM
Does anyone know if OpenAccess ORM protects from SQL Injection attacks?  No knowing how it all works behind the scenes, I'd like to know if I need to scrub data before I persist through OpenAccess or not.

Thanks,
Robert

1 Answer, 1 is accepted

Sort by
0
Thomas
Telerik team
answered on 27 Feb 2009, 12:03 PM
Hi Robert,

as all user data is persisted / queried though means of parameters, there should not be any problem.
What we generate is of the 'INSERT INTO TableName (Col1, Col2) VALUES (@p1,@p2) ' style, so your data has no impact on the actual statement used, only on the parameter values.

Regards,
Thomas
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
Tags
General Discussions
Asked by
Robert
Top achievements
Rank 2
Answers by
Thomas
Telerik team
Share this question
or