
Prevent SQL injection attacks


Hi! Is there any built-in security against SQL injection in EPiServer (Star-) Community 3.1, for example using parameterized queries?


Aug 27, 2008 14:28
Yes, by using stored procedures or parameterized dynamic SQL.
Aug 28, 2008 15:18
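An added example, not part of the thread and not EPiServer Community code: parameterized dynamic SQL next to the string-concatenated form it replaces. It uses Python with an in-memory SQLite database so it runs offline rather than the .NET stack discussed here; the `members` table, its columns and all function names are hypothetical, and the data is constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, alias TEXT, city TEXT)")
    db.executemany("INSERT INTO members (alias, city) VALUES (?, ?)",
                   [("anna", "Stockholm"), ("bo", "Oslo"), ("cia", "Stockholm")])
    return db

# Identifiers (column names) cannot be bound as parameters, so allowlist them.
SORTABLE = {"alias", "city"}

def search_concat(db, alias):
    # Weak form: the value becomes part of the SQL text and is parsed as SQL.
    sql = "SELECT alias FROM members WHERE alias = '" + alias + "'"
    return [row[0] for row in db.execute(sql)]

def search_param(db, alias=None, city=None, order_by="alias"):
    # Parameterized dynamic SQL: the statement text varies with the filters
    # supplied, but every value travels separately as a bound parameter.
    if order_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    clauses, params = [], []
    if alias is not None:
        clauses.append("alias = ?")
        params.append(alias)
    if city is not None:
        clauses.append("city = ?")
        params.append(city)
    sql = "SELECT alias FROM members"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY " + order_by
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input that contains SQL syntax
    print(search_concat(db, hostile))            # the filter is bypassed
    print(search_param(db, alias=hostile))       # compared as a literal string
    print(search_param(db, city="Stockholm", order_by="city"))
```
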

Why not use LINQ?

Perhaps one day EPiServer will provide development support with VS2008 ;-)

Aug 28, 2008 20:38

Entity Framework with LINQ-to-Entities is an option, but it has just been released and v1 is kind of limited if you are using EAV models. LINQ-to-SQL is not an option because it does not support Oracle and has no abstraction of the database model. Community uses NHibernate for querying.

EPiServer CMS 5 R2 (soon to be released) will officially support VS2008, but I know many are already doing their development on VS2008 with a few tweaks, see:


Aug 29, 2008 11:19
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.