I am using plain LINQ to query my database in my MVC web application. I have queries similar to this one:
    list = context.Courses.Join(
            context.Departments,
            course => course.DepartmentId,
            department => department.ID,
            (course, department) => new { course, department })
        .Select(f => new FriendlyCourseViewModel
        {
            ID = f.course.ID,
            Acronym = f.department.Acronym,
            CourseNumber = f.course.CourseNumber,
            CourseName = f.course.CourseName
        });
where context is my dbcontext class. I'd like certain LINQ queries to use sanitized input. Should I be making all of my LINQ queries into SP (stored procedures) to sanitize my input? If yes, is there an easy way I can convert my LINQ to a SP?
Are you talking about using parameterized queries? If so, Entity Framework is already doing that.
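
The parameterization mentioned above, as an added example that is not part of the original posts: a value captured by a LINQ query is sent as a SQL parameter, while raw SQL built by string concatenation is not. It assumes EF Core 5 or later with the Microsoft.EntityFrameworkCore.Sqlite package; the `Course` model, `SchoolContext` and the sample input are constructed for illustration.

```csharp
// Added example; assumes EF Core 5+ and the Microsoft.EntityFrameworkCore.Sqlite package.
using System;
using System.Linq;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;

public class Course                      // constructed model, property names from the question
{
    public int ID { get; set; }
    public string CourseNumber { get; set; } = "";
    public string CourseName { get; set; } = "";
}

public class SchoolContext : DbContext   // hypothetical context for this example
{
    public SchoolContext(DbContextOptions<SchoolContext> options) : base(options) { }
    public DbSet<Course> Courses { get; set; }
}

public static class Program
{
    public static void Main()
    {
        using var connection = new SqliteConnection("DataSource=:memory:");
        connection.Open();
        var options = new DbContextOptionsBuilder<SchoolContext>().UseSqlite(connection).Options;
        using var context = new SchoolContext(options);
        context.Database.EnsureCreated();
        context.Courses.Add(new Course { CourseNumber = "101", CourseName = "Intro" });
        context.Courses.Add(new Course { CourseNumber = "201", CourseName = "Databases" });
        context.SaveChanges();

        // Constructed hostile input, standing in for a value taken from a request.
        string input = "Intro' OR '1'='1";

        // LINQ: the captured variable is sent as a SQL parameter, so it is only ever data.
        var linq = context.Courses.Where(c => c.CourseName == input);
        Console.WriteLine(linq.ToQueryString());   // generated SQL compares against a parameter
        Console.WriteLine($"LINQ rows: {linq.Count()}");

        // Raw SQL built by concatenation: the input becomes part of the SQL text itself.
        var concatenated = context.Courses
            .FromSqlRaw("SELECT * FROM Courses WHERE CourseName = '" + input + "'");
        Console.WriteLine($"Concatenated raw SQL rows: {concatenated.Count()}");

        // Raw SQL through EF's interpolation support: the value is parameterized again.
        var interpolated = context.Courses
            .FromSqlInterpolated($"SELECT * FROM Courses WHERE CourseName = {input}");
        Console.WriteLine($"Interpolated raw SQL rows: {interpolated.Count()}");
    }
}
```

The LINQ and interpolated queries treat the whole input as one string to compare against `CourseName`; only the concatenated query lets the quote characters change the statement, which is the case to look for in code review.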