Which is the only proven way to prevent SQL Injection
Explanation
Query parametrization is the only way of preventing SQL injections into the database.
Theory
  • SQL Injection

    SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input.
    Injected SQL commands can alter SQL statement and compromise the security of a web application.
    Read more: SQL Injection
  • SQL Injection - Parameters for Protection

    Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks.
    This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks), are used in common language, and should be allowed in many types of input. (In fact it should be perfectly legal to input an SQL statement in a database field.)
    The only proven way to protect a web site from SQL injection attacks, is to use SQL parameters.
    SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
    Read more: SQL Injection
SQL
SQL Quiz
Start Quiz

or Read more about SQL Quiz

Follow CodeGalaxy

Mobile Beta

Get it on Google Play
Send Feedback