  1. #16
    Join Date
    Mar 2002
    Location
    St. Petersburg, Florida, USA
    Posts
    12,125

    Re: C# must have a bug

    Quote Originally Posted by MadHatter View Post
    SQL injections can happen anywhere. You can write an SQL statement the same way, you can pass parameters to a sproc the same way. You can shoot your foot off the same way.
    1) They can NOT happen "anywhere"; they can only occur if you are dynamically building SQL statements.

    Therefore

    a) The code you quoted CAN NOT have a SQL Injection Attack Exposure.

    b) An application using exclusively stored procedures also CAN NOT BE WRITTEN such that the APPLICATION exposes the database to SQL Injection. [This does NOT preclude errors on the part of the DBA writing the stored procedures, but that is not done in the context of the Application or even (in 99.99% of the cases) in managed code of any language.]
    TheCPUWizard is a registered trademark, all rights reserved. (If this post was helpful, please RATE it!)
    2008, 2009,2010
    In theory, there is no difference between theory and practice; in practice there is.

    * Join the fight, refuse to respond to posts that contain code outside of [code] ... [/code] tags. See here for instructions
    * How NOT to post a question here
    * Of course you read this carefully before you posted
    * Need homework help? Read this first
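
The bracketed caveat in post #16 (an error inside a stored procedure), shown as an added T-SQL example that is not part of the original thread: a procedure that builds its statement text from a parameter, beside two forms that keep the parameter as data. The `dbo.Customers` table, the procedure names and the sample input are hypothetical, constructed for illustration.

```sql
-- Hypothetical schema, constructed for this example (not from the thread).
CREATE TABLE dbo.Customers (
    Id       INT IDENTITY PRIMARY KEY,
    LastName NVARCHAR(100) NOT NULL,
    Email    NVARCHAR(256) NOT NULL
);
GO
-- Before: the caller passes a typed parameter, but the procedure splices it
-- into statement text. The value becomes part of the SQL grammar, so the
-- exposure lives in the database no matter how the application calls it.
CREATE PROCEDURE dbo.FindCustomer_Dynamic
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, LastName, Email FROM dbo.Customers WHERE LastName = '''
        + @LastName + N'''';
    EXEC (@sql);
END;
GO
-- After (static): no statement text is built at run time; @LastName is only data.
CREATE PROCEDURE dbo.FindCustomer_Static
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT Id, LastName, Email FROM dbo.Customers WHERE LastName = @LastName;
END;
GO
-- After (dynamic SQL genuinely required): the text is a constant and the
-- value is bound as a parameter through sp_executesql.
CREATE PROCEDURE dbo.FindCustomer_Bound
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, LastName, Email FROM dbo.Customers WHERE LastName = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @LastName;
END;
GO
-- Constructed input with an embedded quote: a quick review check.
EXEC dbo.FindCustomer_Dynamic @LastName = N'O''Brien'; -- fails: the quote alters the statement
EXEC dbo.FindCustomer_Static  @LastName = N'O''Brien'; -- runs: value compared as data
EXEC dbo.FindCustomer_Bound   @LastName = N'O''Brien'; -- runs: value compared as data
```

When reviewing stored procedures, searching their definitions for `EXEC (` and for string concatenation feeding `sp_executesql` finds the places where statement text is still being built dynamically.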

  2. #17
    Join Date
    Mar 2002
    Location
    St. Petersburg, Florida, USA
    Posts
    12,125

    Re: C# must have a bug

    Quote Originally Posted by MadHatter View Post
    "They can happen anywhere" refers to programmers' ability to eff up code wherever they program, and not referring to a specific situation
    No, this is the C# forum, and the post in question is about LINQ and SQL Injections specifically. What other programmers can do in other situations is not the topic of discussion. And there is NO possibility of SQL Injection with LINQ-TO-SQL.

    Quote Originally Posted by MadHatter View Post
    <snip> I know of many situations where you asserted false statements. </snip>
    If I post something false, and become aware of it, it has always been my policy to go back and ANNOTATE the existing information directing the user to the correct information (not editing the thread to destroy integrity of the posts).

    If I have missed any, then my apologies, and please feel free to point them out to me (not on this thread) so I can address them.

  3. #18
    Join Date
    Sep 2000
    Location
    Indianapolis
    Posts
    6,758

    Re: C# must have a bug

    Negative personal comments are a violation of this site's Acceptable Usage Policy. Please avoid them. Personal issues can be discussed in PMs or elsewhere, but not on the public forums.

    Let's get back to the focus of the thread and keep it professional.

    Please do not respond publicly to this post. Please stay on topic going forward.

    Thanks all.

    Brad!
    Site Admin
    -----------------------------------------------
    Brad! Jones,
    Yowza Publishing
    LotsOfSoftware, LLC

    -----------------------------------------------
