Hi! Is there any built-in security against SQL injection in EPiServer (Star-) Community 3.1, for example using parameterized queries?
Why not use LINQ?
Perhaps one day EPiServer will provide development support with VS2008 ;-)
Entity Framework with LINQ-to-Entities is an option, but it has just been released and v1 is kind of limited if you are using EAV models. LINQ-to-SQL is not an option because it does not support Oracle and has no abstraction of the database model. Community uses NHibernate for querying.
EPiServer CMS 5 R2 (soon to be released) will officially support VS2008, but I know many are already doing their development on VS2008 with a few tweaks, see: http://labs.episerver.com/en/Blogs/Tags/Visual-Studio-2008/