I did a couple of videos in the past regarding Entity Framework Core. But during those videos, I did not cover SQL injection and how it comes into play with Entity Framework Core. In this video, I will walk through how to avoid potential SQL injection pitfalls.
What is SQL injection? SQL injection is a way to inject malicious SQL code through a loophole exposed by the code to make unwanted changes to the database. For example, if we use inline queries and expect a name to be passed as a parameter, but build the query with string interpolation, a user can pass queries as part of the name to destroy the database.
Entity Framework Core makes it really easy to avoid SQL injection, and it offers a couple of ways to do so. In this video, I will go through both of these ways of using Entity Framework Core to avoid SQL injection.
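The name-lookup case described above, as an added example that is not taken from the video or its repo. The text does not say which two ways the video covers, so this shows two that EF Core provides (`FromSqlInterpolated`, and `FromSqlRaw` with a separate parameter); `Person`, `DemoContext`, `demo.db` and the SQLite provider package are assumptions made for the example.

```csharp
using System;
using System.Linq;
using Microsoft.EntityFrameworkCore;

using var db = new DemoContext();
db.Database.EnsureDeleted();
db.Database.EnsureCreated();
db.People.AddRange(new Person { Name = "Alice" }, new Person { Name = "Bob" });
db.SaveChanges();

// Constructed input: a "name" that carries SQL syntax instead of a plain value.
string name = "nobody' OR '1'='1";

// UNSAFE: C# formats the string before EF Core sees it, so the input
// becomes part of the SQL text and can change the WHERE clause.
var unsafeRows = db.People
    .FromSqlRaw($"SELECT * FROM People WHERE Name = '{name}'")
    .ToList();

// SAFE (1): FromSqlInterpolated takes a FormattableString and sends {name}
// as a DbParameter, so it is only ever compared as a value.
var safeInterpolated = db.People
    .FromSqlInterpolated($"SELECT * FROM People WHERE Name = {name}")
    .ToList();

// SAFE (2): FromSqlRaw with a placeholder; the value is passed separately
// and is also sent as a DbParameter.
var safeRaw = db.People
    .FromSqlRaw("SELECT * FROM People WHERE Name = {0}", name)
    .ToList();

Console.WriteLine($"unsafe: {unsafeRows.Count} rows");
Console.WriteLine($"interpolated: {safeInterpolated.Count} rows, raw+param: {safeRaw.Count} rows");

// Hypothetical entity and context for this example.
public class Person
{
    public int Id { get; set; }
    public string Name { get; set; } = "";
}

public class DemoContext : DbContext
{
    public DbSet<Person> People => Set<Person>();

    protected override void OnConfiguring(DbContextOptionsBuilder options)
        => options.UseSqlite("Data Source=demo.db"); // assumed provider: Microsoft.EntityFrameworkCore.Sqlite
}
```

The two interpolated calls look almost identical in source; what differs is whether the string is formatted by C# (`FromSqlRaw` receives a finished `string`) or handed to EF Core as a `FormattableString` that it turns into parameters.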
My previous videos for Entity Framework Core are here:
Source code for this video session is available in my GitHub repo: