SQL Injection

Thread is closed for posting
2 posts, 0 answers
  1. Robert
    Robert avatar
    40 posts
    Member since:
    Jul 2008

    Posted 26 Feb 2009 Link to this post

    Does anyone know if OpenAccess ORM protects from SQL Injection attacks?  No knowing how it all works behind the scenes, I'd like to know if I need to scrub data before I persist through OpenAccess or not.

  2. Thomas
    Thomas avatar
    590 posts

    Posted 27 Feb 2009 Link to this post

    Hi Robert,

    as all user data is persisted / queried though means of parameters, there should not be any problem.
    What we generate is of the 'INSERT INTO TableName (Col1, Col2) VALUES (@p1,@p2) ' style, so your data has no impact on the actual statement used, only on the parameter values.

    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
Back to Top