What is the fastest way to get any object JSON from the database to the client without leaving behind opportunities for SQL injection?
I am looking at paging, insert, update, delete, sort, etc... against any table in my schema.
This all depends on what data you are querying. The fact you are using JSON doesn't have anything to do with SQL injection; it's more the calls to the database that would be a concern. On the server side do not form any dynamic SQL.
1. Use stored procedures (and do not include any dynamic SQL in a stored proc; if you do, make sure you use sp_executesql and not exec, as sp_executesql can take a parameterized query).
2. Use parameterized queries.
3. Use an ORM (e.g. Entity Framework), which uses parameterized queries behind the scenes anyway.
Try not to use any dynamic SQL; if you must for some reason, then make sure you use parameterized queries.
Then on your result from your controller simply return:
return Json(yourModel);
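An added example (not code from the question or the answer) showing the answer's rule for a paged, sorted listing in working code, using Python and an in-memory SQLite database as a stand-in for the SQL Server stack the answer assumes. Values (page size, offset) are bound as parameters; the table and sort column, which cannot be parameterized, are checked against an allowlist before being quoted into the query. The table, its columns and the allowlist are constructed for the demo.

```python
import json
import sqlite3

# Constructed allowlist: the only tables and sort columns the API exposes.
# Identifiers cannot be bound as query parameters, so they are checked here.
ALLOWED = {"users": {"id", "name", "email"}}

def open_sample_db():
    """Constructed in-memory SQLite database standing in for the real schema."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "carol", "carol@example.test"),
        (2, "alice", "alice@example.test"),
        (3, "bob", "bob@example.test"),
    ])
    return conn

def page_unsafe(conn, table, sort, page, size):
    # Dynamic SQL built by concatenation: every argument is an injection point.
    sql = f"SELECT * FROM {table} ORDER BY {sort} LIMIT {size} OFFSET {(page - 1) * size}"
    return [dict(r) for r in conn.execute(sql)]

def page_safe(conn, table, sort, page, size):
    # Identifiers: allowlisted, then quoted. Values: bound as parameters.
    if table not in ALLOWED or sort not in ALLOWED[table]:
        raise ValueError("unknown table or sort column")
    page, size = int(page), int(size)
    if page < 1 or not 1 <= size <= 100:
        raise ValueError("page must be >= 1 and size must be 1..100")
    sql = f'SELECT * FROM "{table}" ORDER BY "{sort}" LIMIT ? OFFSET ?'
    return [dict(r) for r in conn.execute(sql, (size, (page - 1) * size))]

def page_json(conn, table, sort, page, size):
    """What the controller returns: the allowlisted, parameterized page as JSON."""
    return json.dumps(page_safe(conn, table, sort, page, size))

if __name__ == "__main__":
    db = open_sample_db()
    print(page_json(db, "users", "name", 1, 2))
```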