Entity Framework Core 8 SQL Injection Attacks

  • Published 16 Nov 2023
  • Entity Framework has a neat feature for preventing SQL injection attacks, but it may just encourage developers to write sloppy code.
    Source code available at: github.com/JasperKent/.NET-8-...
    Topics include:
    - What is an SQL injection attack
    - Other problems caused by using string concatenation with SQL
    - String interpolation vs concatenation
    - Writing parameterized queries
    - Using LINQ to generate parameterized queries
    - String interpolation and FormattableString
    - Passing FormattableStrings to SqlQuery and SqlQueryRaw
  • Science & Technology

COMMENTS • 9

  • @CodingTutorialsAreGo
    @CodingTutorialsAreGo  7 months ago +1

    How do you like to form your queries? LINQ? Interpolation? Parameters? Let me know in the comments.
    Source code available at: github.com/JasperKent/.NET-8-SQL-Injection
    Remember to subscribe at ua-cam.com/channels/qWQzlUDdllnLmtgfSgYTCA.html
    And if you liked the video, click the 👍.

  • @agentsmith2189
    @agentsmith2189 1 month ago +1

    Ty

  • @codingbloke
    @codingbloke 6 months ago +1

    Completely agree with this. Personally I would be wary of using SqlQuery because, although it is safe, it looks unsafe. Hence when reading code in review or at the start of adding new features the developer is likely to pause at each use and ask "hmm, is this safe?", which just slows the task at hand. Worse, as you point out, the developer might assume it's safe but those subtle 3 characters "Raw" are there.
    Another issue I have with the use of FormattableString is that it explodes what looks like a single parameter into multiple parameters. E.g. you have a chunk of SQL that is a set of UNIONs and each makes use of the parameter; using SqlQuery results in multiple Db Parameters being passed instead of just a single one. Not really a big problem in most cases but I still find that a bit icky.
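The SqlQuery / SqlQueryRaw contrast that the video and the comment above discuss, as an added example that is not code from the video or its repository; it assumes the Microsoft.EntityFrameworkCore.Sqlite package and constructs its own Customers table and sample rows.

```csharp
using System;
using System.Linq;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;

public class Customer { public int Id { get; set; } public string Name { get; set; } = ""; }

public class ShopContext : DbContext
{
    private readonly SqliteConnection _connection;
    public ShopContext(SqliteConnection connection) => _connection = connection;
    public DbSet<Customer> Customers => Set<Customer>();
    protected override void OnConfiguring(DbContextOptionsBuilder options) => options.UseSqlite(_connection);
}

public static class Demo
{
    public static void Main()
    {
        // One open connection keeps the in-memory SQLite database alive; rows are constructed sample data.
        using var connection = new SqliteConnection("Data Source=:memory:");
        connection.Open();
        using var db = new ShopContext(connection);
        db.Database.EnsureCreated();
        db.Customers.AddRange(new Customer { Name = "Alice" }, new Customer { Name = "Bob" });
        db.SaveChanges();
        string input = "Alice' OR '1'='1"; // constructed hostile input, as a user might type it

        // Unsafe: $"..." becomes a plain string before SqlQueryRaw sees it, so the quote
        // inside 'input' is parsed as SQL and the WHERE filter is bypassed (every row returns).
        var unsafeRows = db.Database.SqlQueryRaw<string>($"SELECT Name AS Value FROM Customers WHERE Name = '{input}'").ToList();

        // Safe: SqlQuery takes a FormattableString, so {input} is sent as a DbParameter and
        // matches no row. Same $"..." syntax, hence the "looks unsafe but is safe" concern.
        var safeRows = db.Database.SqlQuery<string>($"SELECT Name AS Value FROM Customers WHERE Name = {input}").ToList();

        // Safe, and {0} reused twice stays one parameter, whereas a FormattableString with
        // {input} written twice would produce two separate parameters.
        var unionRows = db.Database
            .SqlQueryRaw<string>("SELECT Name AS Value FROM Customers WHERE Name = {0} " +
                                 "UNION ALL SELECT Name AS Value FROM Customers WHERE Name = {0}", "Alice")
            .ToList();

        Console.WriteLine($"raw: {unsafeRows.Count}, parameterized: {safeRows.Count}, union: {unionRows.Count}");
    }
}
```

Scalar results from SqlQuery/SqlQueryRaw must be exposed in a column named Value, which is why the queries alias Name.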

  • @user-gx4ju2ow6o
    @user-gx4ju2ow6o 6 months ago

    Which keyboard do you use? Can you please tell?
    Love the sound

  • @zaharivaklinov
    @zaharivaklinov 6 months ago +1

    Could you please elaborate a bit on the EF Core 8 features here - which exactly are they and how do they relate to SQL injections?
    SqlQueryRaw and FormattableString are not new to .NET 8, so I am a bit confused as to what you are referring to in the video.
    Thanks!

    • @CodingTutorialsAreGo
      @CodingTutorialsAreGo  6 months ago +1

      It does go back earlier than .NET. What's changed in .NET is the way that SqlQuery/Raw now do much better in mapping the results of the query onto a C# class. So the code as written would not have worked as is in earlier versions - you'd have had to do more work with the mapping. But once you'd done that work, yes the same problem would occur.

  • @Ellaboratoriodemolly
    @Ellaboratoriodemolly 6 months ago +1

    Hello, sorry for the inconvenience but could you show how to make a report in C# with the MVVM pattern (models, view, view models)?