SQL Injections

Monisha
User
Posts: 15
Joined: 20-Mar-2007
# Posted on: 18-Dec-2008 20:52:38   

Hi,

I have a query regarding the LLBLGen code. I am inserting/updating data using the Entity objects. So is SQL injection possible? I read in one of the articles that LLBLGen uses parameterized queries to insert/update.

I am sending the dummy code ( How I insert data in the system).

' Dummy code: populate an LLBLGen entity from the edit controls and save it.
Dim objXYZ As XYZEntity = New XYZEntity()

If rdpEstablishedDateEdit IsNot Nothing Then
    objXYZ.PlanDate = rdpEstablishedDateEdit.SelectedDate
End If

' Audit fields: who is saving and when.
objXYZ.UpdtBy = Me.CurrentlyLoggedOnCHDSUser.Cai
objXYZ.UpdtTs = DateTime.Now.Date

If chkSupervisorReviewEdit IsNot Nothing Then
    If chkSupervisorReviewEdit.Checked = True Then
        objXYZ.SupervisorReview = 1
    Else
        objXYZ.SupervisorReview = 0
    End If
End If

objXYZ.EmployeeDataId = Me.TargetCHDSUser.EmployeeDataID

' Free text typed by the user goes straight into the entity field.
If txtDevPlanSummaryEdit IsNot Nothing Then
    objXYZ.DevPlan = txtDevPlanSummaryEdit.Text
End If

' Save() issues the INSERT or UPDATE for the entity.
If objXYZ.Save() Then
    Me.InfoMessage = "Save was successful."
End If

Basically I just want to confirm: is SQL injection possible with LLBLGen code?

Monisha

MTrinder
User
Posts: 1461
Joined: 08-Oct-2008
# Posted on: 18-Dec-2008 21:21:42   

LLBLGen does not allow SQL injection to happen. If you examine the generated SQL you will see that it only ever generates parameterized queries, thus preventing malformed SQL from being executed by the database server.

Matt
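As an added illustration of the mechanism Matt describes (this is constructed example code, not LLBLGen Pro's code and not the poster's), the block below uses Python's sqlite3 module to run the same untrusted text through a string-concatenated query and through a parameterized one. The table and column names (DevelopmentPlan, DevPlan, EmployeeDataId, SupervisorReview) are assumptions borrowed from the field names in the post, the rows and the attacker string are constructed, and the last function shows the one case parameters do not cover: an identifier chosen by the user.

```python
"""Why parameterized queries stop SQL injection.

Constructed example, not LLBLGen Pro code. Uses an in-memory SQLite table
modelled on the DevPlan fields from the post; names and data are assumptions.
"""
import sqlite3

# Constructed attacker input, as if typed into txtDevPlanSummaryEdit.
MALICIOUS = "' OR '1'='1"

# Columns a caller may sort by; identifiers cannot be bound as parameters.
ALLOWED_SORT_COLUMNS = {"EmployeeDataId", "DevPlan", "SupervisorReview"}


def make_db():
    """Build the constructed sample table (assumed schema) in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE DevelopmentPlan "
        "(EmployeeDataId INTEGER, DevPlan TEXT, SupervisorReview INTEGER)"
    )
    conn.executemany(
        "INSERT INTO DevelopmentPlan VALUES (?, ?, ?)",
        [
            (1, "Complete security training", 1),
            (2, "Shadow incident response team", 0),
            (3, "Lead threat modelling session", 1),
        ],
    )
    return conn


def find_plans_concatenated(conn, dev_plan_text):
    """Vulnerable: the user's text becomes part of the SQL grammar."""
    sql = ("SELECT EmployeeDataId FROM DevelopmentPlan WHERE DevPlan = '"
           + dev_plan_text + "'")
    return [row[0] for row in conn.execute(sql)]


def find_plans_parameterized(conn, dev_plan_text):
    """Safe: the statement is fixed before the value arrives; the text is only
    ever compared as data, quotes and all."""
    sql = "SELECT EmployeeDataId FROM DevelopmentPlan WHERE DevPlan = ?"
    return [row[0] for row in conn.execute(sql, (dev_plan_text,))]


def save_dev_plan(conn, employee_id, dev_plan_text, supervisor_review):
    """Parameterized insert in the spirit of objXYZ.Save(). The text is stored
    verbatim whatever it contains, so code that reads it back later must also
    use parameters rather than concatenation. Returns the stored text."""
    conn.execute(
        "INSERT INTO DevelopmentPlan (EmployeeDataId, DevPlan, SupervisorReview) "
        "VALUES (?, ?, ?)",
        (employee_id, dev_plan_text, int(bool(supervisor_review))),
    )
    conn.commit()
    row = conn.execute(
        "SELECT DevPlan FROM DevelopmentPlan WHERE EmployeeDataId = ?",
        (employee_id,),
    ).fetchone()
    return row[0]


def find_ids_sorted(conn, sort_column):
    """Parameters bind values, not identifiers. A column name supplied by the
    caller cannot be passed as '?', so it is checked against a fixed allowlist
    before being spliced into the statement."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (sort_column,))
    sql = "SELECT EmployeeDataId FROM DevelopmentPlan ORDER BY " + sort_column
    return [row[0] for row in conn.execute(sql)]


def demo():
    """Run the attacker string through each path and return the outcomes."""
    conn = make_db()
    leaked = find_plans_concatenated(conn, MALICIOUS)  # every row comes back
    safe = find_plans_parameterized(conn, MALICIOUS)   # no row has that literal text
    stored = save_dev_plan(conn, 4, MALICIOUS, True)   # stored as data, not executed
    return leaked, safe, stored


if __name__ == "__main__":
    print(demo())
```

The concatenated query turns `' OR '1'='1` into `WHERE DevPlan = '' OR '1'='1'` and returns every employee's row; the parameterized query sends the same bytes as a bound value and matches nothing, which is the behaviour Matt is describing for LLBLGen's generated SQL. Two caveats worth keeping in mind: parameters bind values only, so anywhere a user picks a column or table name (sort order, filters built from raw strings) the name has to be allowlisted as in find_ids_sorted, and a value that was safely stored is still untrusted text if some later piece of hand-written SQL concatenates it.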