I was just curious as to whether Entity Framework is set up to handle issues like SQL injection by default.
In every instruction, video, book, and blog post that I have seen, nobody appears to bring up security, as variables are just sent in without any checks or safeguards.
I was just curious as to what people's opinions were on this and how you manage this aspect of things.
If you utilize LINQ to Entities queries, Entity Framework does indeed deal with security problems like SQL injection attacks.
SQL injection does this using the SQL query parameters. There are potential attack vectors when using Entity SQL commands, much as when using ADO.NET.
I'm not sure whether there are any additional potential security flaws; however, you can read more here on MSDN and get some advice on how to keep Entity Framework safe.
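
The three query styles mentioned in the answer, side by side, as an added example that is not part of the original thread. It assumes EF6, a hypothetical code-first `ShopContext` with a `Customers` set, and that the entity container is named after the context class; the input string is constructed.

```csharp
using System;
using System.Data.Entity;                 // EF6 (assumed version)
using System.Data.Entity.Core;            // EntitySqlException
using System.Data.Entity.Core.Objects;    // ObjectContext, ObjectParameter
using System.Data.Entity.Infrastructure;  // IObjectContextAdapter
using System.Linq;

public class Customer
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string City { get; set; }
}

// Hypothetical code-first context, used only for this illustration.
public class ShopContext : DbContext
{
    public DbSet<Customer> Customers { get; set; }
}

public static class Demo
{
    public static void Main()
    {
        string city = "O'Fallon"; // constructed input containing a quote character

        using (var db = new ShopContext())
        {
            db.Database.Log = Console.WriteLine; // show generated SQL and parameter values

            // 1. LINQ to Entities: the captured variable is sent as a SQL parameter.
            var viaLinq = db.Customers.Where(c => c.City == city).ToList();
            Console.WriteLine("LINQ rows: " + viaLinq.Count);

            ObjectContext oc = ((IObjectContextAdapter)db).ObjectContext;

            // 2. Entity SQL with a named parameter: the value stays data.
            var viaParam = oc.CreateQuery<Customer>(
                "SELECT VALUE c FROM ShopContext.Customers AS c WHERE c.City = @city",
                new ObjectParameter("city", city)).ToList();
            Console.WriteLine("Parameterized Entity SQL rows: " + viaParam.Count);

            // 3. Entity SQL built by concatenation: the input becomes query text. Avoid.
            string esql = "SELECT VALUE c FROM ShopContext.Customers AS c WHERE c.City = '" + city + "'";
            try { oc.CreateQuery<Customer>(esql).ToList(); }
            catch (EntitySqlException ex) { Console.WriteLine("Input changed the query text: " + ex.Message); }
        }
    }
}
```

With logging enabled, the first two queries show the city value listed as a parameter, while the third fails to parse because the quote in the input ends the string literal early.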