I am developing an application in MVC-5 and I have read several articles on SQL Injection.
I would like to know if I have to take any security measures or modify my selects, or if MVC-5 already has a shield against this situation.
Throughout my project I'm using the format below to select data from my tables:
    string query = "SELECT * FROM TABELA WHERE CHAVE = '" + CH + "'";
    using (var connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
    using (var command = new SqlCommand(query, connection))
    {
        connection.Open();
        using (var reader = command.ExecuteReader())