Is there a way to inject a SQL command in a LINQ connection, when he's not using the typical
string sqlstr="SELECT * FROM TABLE WHERE COLUMN = '" + PARAMETER + "' ";
List<Table> tbl = context.ExecuteQuery<Table>(sqlstr).ToList();
We all know that by doing it this way, you can easily inject a SQL command. But how about in this:
var sqlstr = (from tbl in context.Table
              where tbl.column == parameter
              select new { tbl.column }).ToList();
QUESTION: What would be the input in parameter in order for you to inject a SQL command?