Does anyone know if OpenAccess ORM protects from SQL Injection attacks? No knowing how it all works behind the scenes, I'd like to know if I need to scrub data before I persist through OpenAccess or not.
Thanks,
Robert
1 Answer, 1 is accepted
0
Thomas
Telerik team
answered on 27 Feb 2009, 12:03 PM
Hi Robert,
as all user data is persisted / queried though means of parameters, there should not be any problem.
What we generate is of the 'INSERT INTO TableName (Col1, Col2) VALUES (@p1,@p2) ' style, so your data has no impact on the actual statement used, only on the parameter values.