Scenario: You are tasked with developing a web application that collects user input and inserts it into a SQL Server database. How can you prevent SQL injection in this scenario?

  • Escaping special characters
  • Sanitize input
  • Use an ORM (Object-Relational Mapping)
  • Use parameterized queries

Using parameterized queries is the most effective defense against SQL injection in this scenario. Parameters let the database engine distinguish SQL code from data: the user's input is bound as a value and is never parsed as part of the statement, so injected SQL is not executed. Sanitizing input is less reliable than parameterized queries and can still leave vulnerabilities. Escaping special characters is prone to human error and may not cover every injection vector. Using an ORM can also help prevent SQL injection, since most ORMs parameterize their queries internally, but it is not as direct and reliable as using parameterized queries yourself.
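To make the difference concrete, here is an added example (not part of the original quiz page) that puts a string-concatenated lookup next to a parameterized one. It assumes Python's built-in sqlite3 module as an offline stand-in for SQL Server; the `?` placeholder and the `execute(sql, params)` shape are the same ones a SQL Server driver such as pyodbc uses.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_concat(conn, username):
    # VULNERABLE: the input is spliced into the SQL text, so the engine
    # cannot tell where the data ends and the query logic begins.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, username):
    # SAFE: the input is bound as a parameter. The statement is parsed
    # first, the value is supplied separately, and the value is only ever
    # compared as data, never interpreted as SQL.
    rows = conn.execute(
        "SELECT email FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


# Constructed input that turns the concatenated WHERE clause into a
# tautology; with parameters it is just an unknown username.
INJECTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concat, normal   :", lookup_concat(db, "alice"))
    print("concat, injected :", lookup_concat(db, INJECTED))
    print("param, normal    :", lookup_param(db, "alice"))
    print("param, injected  :", lookup_param(db, INJECTED))
```

The concatenated version returns every row for the injected input, while the parameterized version returns nothing, because no user is literally named `' OR '1'='1`.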