Please refer to the database search guide and tell me if the search methodology is safe, especially because it accepts input from a text field.
http://net.tutsplus.com/tutorials/asp-net/enabling-search-functionality-in-your-site-using-the-new-features-in-aspnet-35/
    Protected Sub btnSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
        Dim db As New BlogDBDataContext()
        Dim q = From b In db.Blogs _
                Where b.BlogContents.Contains(txtSearch.Text.Trim()) Or _
                      b.BlogTitle.Contains(txtSearch.Text.Trim()) _
                Select b
        lv.DataSource = q
        lv.DataBind()
    End Sub
Yes, it is safe. You are not susceptible to SQL injection attacks using LINQ unless you yourself create SQL, for example if you use ExecuteQuery.
http://www.thinqlinq.com/Post.aspx/Title/Does-LINQ-to-SQL-eliminate-the-possibility-of-SQL-Injection
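The distinction the answer draws, shown as an added example that is not part of the original question or answer: `ExecuteQuery` with a concatenated string next to its parameterized form, plus a check of the SQL that the question's LINQ query generates. It assumes the `BlogDBDataContext` and `Blog` entity from the question and a table named `Blogs`; the module and function names are hypothetical.

```vbnet
Imports System.Collections.Generic
Imports System.Linq

' Assumptions: BlogDBDataContext and Blog are the designer-generated
' LINQ to SQL classes from the question; the table is named Blogs.
Public Module BlogSearchExamples

    ' UNSAFE: the search term is spliced into the SQL text, so the server
    ' parses user input as part of the statement.
    Public Function SearchConcatenated(ByVal db As BlogDBDataContext, _
                                       ByVal term As String) As List(Of Blog)
        Dim sql As String = _
            "SELECT * FROM Blogs WHERE BlogTitle LIKE '%" & term & "%'"
        Return db.ExecuteQuery(Of Blog)(sql).ToList()
    End Function

    ' SAFE: ExecuteQuery turns the {0} and {1} placeholders into SQL
    ' parameters, so the term travels as data and never as SQL text.
    Public Function SearchParameterized(ByVal db As BlogDBDataContext, _
                                        ByVal term As String) As List(Of Blog)
        Dim pattern As String = "%" & term.Trim() & "%"
        Dim sql As String = _
            "SELECT * FROM Blogs WHERE BlogContents LIKE {0} OR BlogTitle LIKE {1}"
        Return db.ExecuteQuery(Of Blog)(sql, pattern, pattern).ToList()
    End Function

    ' Verification: returns the command text LINQ to SQL builds for the
    ' question's query. The search term should appear only as a parameter
    ' marker (such as @p0), never as a literal inside the SQL.
    Public Function GeneratedSql(ByVal db As BlogDBDataContext, _
                                 ByVal term As String) As String
        Dim q = From b In db.Blogs _
                Where b.BlogContents.Contains(term) Or _
                      b.BlogTitle.Contains(term) _
                Select b
        Return db.GetCommand(q).CommandText
    End Function

End Module
```

Setting `db.Log = Console.Out` before running the LINQ query gives the same view at runtime, including the parameter values sent alongside the statement.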