SQL Injection - Parameters for Protection

SQL Injection - Parameters for Protection

Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks.
This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks), are used in common language, and should be allowed in many types of input. (In fact it should be perfectly legal to input an SQL statement in a database field.)
The only proven way to protect a web site from SQL injection attacks, is to use SQL parameters.
SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
Read more: SQL Injection
SQL Quiz
Start Quiz

or Read more about SQL Quiz

Follow CodeGalaxy

Mobile Beta

Get it on Google Play
Send Feedback