Using object-relational mappers (ORMs)

Users of object-relational mappers (ORMs) such as Entity Framework Core 3, introduced in Chapter 9, Accessing Data Using Entity Framework Core 3, usually work with objects rather than with SQL text. Most ORMs offer strong, object-oriented query capabilities (LINQ, in the case of Entity Framework Core), and the SQL they generate from those queries is parameterized, so SQL injection is not as common a threat as it is with hand-written ADO.NET queries.

Note that you could also use stored procedures along with Entity Framework Core. Stored procedures further reduce the risk of SQL injection, whether called through Entity Framework Core or on their own, mainly because their inputs are passed as typed parameters rather than concatenated into the statement text. The exception is a stored procedure that builds dynamic SQL internally (for example, by concatenating an argument into a string handed to EXEC or sp_executesql); such a procedure is just as injectable as client-side string concatenation, so the parameter only moves the problem, it does not remove it.

Even when string queries are used, ORMs usually make working with parameters much easier than working with ADO.NET parameters, so there is little temptation to fall back on string concatenation. In Entity Framework Core 3, FromSqlInterpolated turns each interpolated value into a database parameter, and FromSqlRaw accepts placeholder arguments ({0}, {1}, ...) for the same purpose. Be careful, however, not to hand FromSqlRaw a string you have already concatenated or interpolated yourself: that string contains the user's input verbatim, and you are back to raw, injectable SQL.
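The following is an added example, not code from the book, showing the points made in the two preceding paragraphs in Entity Framework Core 3: a query built by concatenation, the two parameterized forms (FromSqlInterpolated and FromSqlRaw with placeholders), and a stored-procedure call. The Product entity, the ShopContext DbContext, the Products table and the dbo.GetProductsByName stored procedure are assumed for illustration.

```csharp
// Added example (not from the book): parameterised raw SQL and stored-procedure
// calls in Entity Framework Core 3. Product, ShopContext and the stored procedure
// dbo.GetProductsByName are assumed for illustration.
using System.Collections.Generic;
using System.Linq;
using Microsoft.EntityFrameworkCore;

public class Product
{
    public int Id { get; set; }
    public string Name { get; set; }
    public decimal Price { get; set; }
}

public class ShopContext : DbContext
{
    public ShopContext(DbContextOptions<ShopContext> options) : base(options) { }
    public DbSet<Product> Products { get; set; }
}

public static class ProductQueries
{
    // VULNERABLE: the user's input becomes part of the SQL text. An input such as
    //   ' OR 1=1 --
    // turns the predicate into  WHERE Name = '' OR 1=1 --'  and returns every row.
    // Passing an interpolated string ($"...{name}...") to FromSqlRaw is the same bug.
    public static List<Product> SearchUnsafe(ShopContext db, string name)
    {
        string sql = "SELECT * FROM Products WHERE Name = '" + name + "'";
        return db.Products.FromSqlRaw(sql).ToList();
    }

    // SAFE: FromSqlInterpolated receives a FormattableString, so each {hole} is
    // turned into a DbParameter and the value never enters the SQL text.
    public static List<Product> SearchInterpolated(ShopContext db, string name)
    {
        return db.Products
            .FromSqlInterpolated($"SELECT * FROM Products WHERE Name = {name}")
            .ToList();
    }

    // SAFE: FromSqlRaw with a placeholder and a separate argument; EF Core binds
    // the extra arguments as parameters. Only the SQL text itself is "raw".
    public static List<Product> SearchRawWithParameters(ShopContext db, string name)
    {
        return db.Products
            .FromSqlRaw("SELECT * FROM Products WHERE Name = {0}", name)
            .ToList();
    }

    // Stored procedure call (assumed: CREATE PROCEDURE dbo.GetProductsByName
    // @Name nvarchar(200)). The argument travels as a parameter. This is only as
    // safe as the procedure body: if it concatenates @Name into dynamic SQL and
    // runs it with EXEC or sp_executesql, the injection point moves into the database.
    public static List<Product> SearchViaStoredProcedure(ShopContext db, string name)
    {
        return db.Products
            .FromSqlInterpolated($"EXEC dbo.GetProductsByName {name}")
            .ToList();
    }
}
```

A quick way to confirm which form you are using is to enable EF Core's logging and look at the emitted SQL: the safe variants show a parameter marker (for example @p0) where the value would be, while SearchUnsafe shows the user's input inline in the statement.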

However, if you happen to use NHibernate, HQL (short for Hibernate Query Language) is very similar to SQL: it is a query language written as a string and translated into SQL at runtime, so when user input is concatenated into that string it behaves in the same manner as executing raw SQL statements built by concatenation.

If you are an NHibernate ORM user, do not build HQL by string concatenation in your Data Access Layer (DAL), as it makes your application susceptible to injection in exactly the way raw SQL does. Bind every user-supplied value through a named parameter (SetParameter), or prefer NHibernate's object-oriented query APIs (QueryOver, Criteria or LINQ to NHibernate), which parameterize values for you.
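The following is an added example, not code from the book, contrasting HQL assembled from user input with a parameterized HQL query and a QueryOver equivalent in NHibernate. The Product entity, its mapping and an already-configured ISession are assumed for illustration.

```csharp
// Added example (not from the book): HQL injection versus parameter binding in
// NHibernate. Product (mapped elsewhere) and a configured ISession are assumed.
using System.Collections.Generic;
using NHibernate;

public class Product
{
    // Members are virtual so NHibernate can proxy the entity.
    public virtual int Id { get; set; }
    public virtual string Name { get; set; }
}

public static class ProductHql
{
    // VULNERABLE: HQL is a string and is translated to SQL, so concatenating input
    // is injectable. A payload that is itself valid HQL, such as
    //   ' or 1=1 or p.Name='
    // yields  from Product p where p.Name = '' or 1=1 or p.Name=''  and returns
    // every Product.
    public static IList<Product> SearchUnsafe(ISession session, string name)
    {
        string hql = "from Product p where p.Name = '" + name + "'";
        return session.CreateQuery(hql).List<Product>();
    }

    // SAFE: the value is bound to the named parameter :name with SetParameter and
    // is emitted as a DbParameter in the generated SQL, never as query text.
    public static IList<Product> SearchParameterised(ISession session, string name)
    {
        return session.CreateQuery("from Product p where p.Name = :name")
                      .SetParameter("name", name)
                      .List<Product>();
    }

    // SAFE: QueryOver avoids query strings entirely; the comparison value is
    // always sent as a parameter.
    public static IList<Product> SearchQueryOver(ISession session, string name)
    {
        return session.QueryOver<Product>()
                      .Where(p => p.Name == name)
                      .List();
    }
}
```

With show_sql enabled in the NHibernate configuration, the two safe variants log a statement containing a parameter placeholder (for example @p0 or ?), whereas SearchUnsafe logs the user's input embedded in the SQL.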