Is writing eSQL database independent or not?
Using EF we can use LINQ to read data which is rather simple (especially using fluent calls), but we have less control unless we write eSQL o开发者_StackOverflown our own.
- Is writing eSQL actually data store independent code? So if we decide to change data store, can the same statements still be used?
- Does writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements as plain strings in C# code? That's why SPs are recommended. Could we still move eSQL scripts outside of code and use some other technique to make them a bit more secure?
- ESQL is database independent in general, so it can be used like LINQ to Entities.
But please be aware that it has more serious limitations. It does not have DML, DDL, and DB-specific abilities.
The main ESQL disadvantage is that even simple query containing a couple of lines can be translated into monstrous SQL query for a particular DBMS, so one should check the generated SQL to be appropriate and analyze if it is optimal. - ESQL will not be executed directly on a database, it will be translated to SQL. EF Security discussion is usually started from the connection string proptection, then model security is discussed, and only after that query protection is analyzed. It's up to the developer to decide if the peculiar query should be protected.
精彩评论