
SQL method extension security

Data Access Free Edition
Chris
Chris asked on 20 Apr 2012, 06:43 PM
I've been wanting to do full text search and came across an article on your site explaining how to do it, which is good. However, to me, it looks ripe for SQL injection. I read through http://www.telerik.com/help/openaccess-orm/topic39.html but just wanted to verify with you guys that that won't be a problem.

Chris

3 Answers, 1 is accepted

Ralph Waldenmaier
Telerik team
answered on 23 Apr 2012, 09:35 AM
Hello Chris,

When using the SQL extension method, we are using parameters to pass the values to the query. This ensures that one cannot inject unwanted SQL. If you then also use a constant to define your SQL to be used within the SQL extension method, you are on the safe side. And we check that the actual SQL that we try to produce actually comes from a string constant.

Hope that helps.
Feel free to ask if you have any other question.

Kind regards,
Ralph
the Telerik team
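As an added example (not code from this thread, from Telerik, or from the SQL extension method itself), the same two ideas the answer above relies on, shown in plain Python with sqlite3: a constant query template with the search term bound as a parameter, beside the concatenated form for contrast, plus the LIKE-wildcard escaping that parameters alone do not give you. The table, rows and search terms are constructed for the demo.

```python
import sqlite3

# Constructed sample data standing in for the table a full-text search
# would run against.
ROWS = [("Alice", "loves sql injection talks"),
        ("Bob", "writes linq queries"),
        ("Carol", "reads about full text search")]

# The template is a constant: only the bound parameter changes at runtime.
# ESCAPE '\' lets escape_like() neutralise % and _ inside the user's term.
SEARCH_SQL = ("SELECT name FROM docs WHERE body LIKE '%' || ? || '%' "
              "ESCAPE '\\'")

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (name TEXT, body TEXT)")
    conn.executemany("INSERT INTO docs VALUES (?, ?)", ROWS)
    return conn

def escape_like(term):
    """Parameters stop injection, not pattern metacharacters: escape those."""
    return (term.replace("\\", "\\\\")
                .replace("%", "\\%")
                .replace("_", "\\_"))

def search_parameterized(conn, term):
    """Safe form: the term travels as data, never as SQL text."""
    rows = conn.execute(SEARCH_SQL, (escape_like(term),))
    return [r[0] for r in rows]

def search_concatenated(conn, term):
    """Unsafe form, kept only for contrast: the term becomes SQL text."""
    sql = "SELECT name FROM docs WHERE body LIKE '%" + term + "%'"
    return [r[0] for r in conn.execute(sql)]

def demo(term):
    """Run both forms on a fresh database and return (safe, unsafe) hits."""
    conn = make_db()
    return search_parameterized(conn, term), search_concatenated(conn, term)
```

A bare `%` or a quote-laden term returns nothing from the parameterized query, while the concatenated form returns every row for either.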
Tudor
answered on 18 Jun 2014, 01:16 PM
I get an exception using this extension method:

LINQ to Entities does not recognize the method 'Boolean SQL[Boolean](System.String, System.Object[])' method, and this method cannot be translated into a store expression

Doesn't it run with EF?
Kristian Nikolov
Telerik team
answered on 20 Jun 2014, 11:58 AM
Hello Tudor,

Telerik Data Access extension methods can only be used with Telerik Data Access models and are not compatible with other ORMs. If you wish to take advantage of the rich functionality provided by Telerik Data Access we would like to invite you to check out our Q2 2014 release. It introduces new interesting features which were highly requested by our users - namely Attributes Support in the Visual Designer and Serializable Persistent Classes.

I hope this helps. Should you have any more questions related to Telerik Data Access feel free to post at our forums again.

Regards,
Kristian Nikolov
Telerik

OpenAccess ORM is now Telerik Data Access. For more information on the new names, please, check out the Telerik Product Map.