• Advertisement
Sign in to follow this  
Followers 0

what about using orm(specially entity framework)

By moeen k , in Networking and Multiplayer

This topic is 1146 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

moeen k    1432

Posted

hello my friend.

maybe my question is not right about this part of forum but i think its better to be asked here.

 

i have a windows server and is written with c#. i work with sql server for working with data. there is a question for me. is most of us know working with orm like entity framework is very sugested against of using string query and sql command and dataset.

 

i dont have very bright information but its said that EF uses a localDB to save recent data and in certain amount of time, it will add the data to main sql server database. maybe it makes connections with database much less and maybe less exceptions. but doesnt it use more buffer for localDB? or as my database also is on same server is this really important to be worried about server and database?

its said that using and orm compeletly defeats the sql injection and there will be no sql injection threat . is this true?

 

 

i have worked alot with sqlcommand and i just started working with EF. i think i can make much cleaner code using sqlcommand rather than EF.

 

which of them is faster and uses less memory and process? 

 

maybe there are more diffrences that i dont know.

 

i ant to know what you think about it and what is your opinion about this?

 

thank you for helping.

 

 

 
 
 
0

Share this post

Link to post
Share on other sites
Advertisement

frob    45278

Posted


its said that using and orm compeletly defeats the sql injection and there will be no sql injection threat . is this true?

Partially true.

 

The libraries handle the SQL transaction, and they are fairly careful about sanitizing their data. They will almost always parameterize the queries rather than compose them into a single string, for example. 

 

That does not mean they are immune from the threat. Instead it means the people gave it more thought than most novice developers would, and that it will be less likely to have errors caused by sloppy developers under a time crunch. 

 

The risk is reduced, but is not zero.

 


i have worked alot with sqlcommand and i just started working with EF. i think i can make much cleaner code using sqlcommand rather than EF. which of them is faster and uses less memory and process? 

Performance, memory requirements, and processing requirements depend almost entirely on your implementation details.

 

You can write bad code with almost any tool.

2

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0
Go To Topic Listing Networking and Multiplayer
  • Advertisement