This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 90%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
How can I prevent parameter tampering in my code below?
var MyTest = await _context.MyTable.Where(x => x.ID == EmployeeID).ToListAsync();
I assume you are referring to the EmployeeID parameter. Unfortunately, you did not share any code the populates the variable or shows how the variable is passed.
If you are worried about the LINQ query, the query that's generated is a parameter query. The parameter tampering vulnerability would occur else where in your code. For example, user input.
You can create a class like the following
public class Integer
{
public int Id { get; init; }
public Integer(int id)
{
Id = id;
}
}
Pass it to a method which can use it but not alter Id property
Thanks karenpayneoregon, so the value of EmployeeID is what I have to pass in into the Results method?
This is my code:
var MyTest = await _context.MyTable.Where(x => x.ID == EmployeeID).ToListAsync();
Yes, and you can name the class and or property as you see fit e.g.
public class Integer
{
public int EmployeeID { get; init; }
public Integer(int employeeId)
{
EmployeeID = employeeId;
}
}
Or
public class EmployeeData
{
public int Id { get; init; }
public EmployeeData(int employeeId)
{
Id = employeeId;
}
}
Thanks for your help!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 1%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
This is a .Net question.
.Net support is on stackoverflow. I suggest you post your question here: