Scenario: You are tasked with developing a web application that collects user input and inserts it into a SQL Server database. How can you prevent SQL injection in this scenario?
- Escaping special characters
- Sanitize input
- Use an ORM (Object-Relational Mapping)
- Use parameterized queries
Using parameterized queries is an effective defense against SQL injection attacks. The SQL text is sent to the server with placeholders, and the user-supplied values travel separately, so the database engine can distinguish SQL code from data and never parses the input as part of the statement. Sanitizing input is not as reliable as parameterized queries and may still leave vulnerabilities. Escaping special characters is prone to human error and might not cover all possible injection vectors. Using an ORM can also help prevent SQL injection (most ORMs parameterize internally), but it is not as direct and reliable as using parameterized queries yourself.
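To make the distinction concrete, here is an added example (not part of the quiz) showing the concatenated query the explanation warns against beside the parameterized ADO.NET form; it assumes a hypothetical `Users` table with `Id` and `Username` columns and the Microsoft.Data.SqlClient package.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient;

// Assumed schema (not from the quiz): Users(Id INT, Username NVARCHAR(64)).
public static class UserLookup
{
    // VULNERABLE: user input is spliced into the SQL text, so the engine
    // cannot tell where the statement ends and the data begins. Anything
    // the user types becomes part of the query that SQL Server compiles.
    public static string BuildVulnerableQuery(string username)
    {
        return "SELECT Id FROM Users WHERE Username = '" + username + "'";
    }

    // SAFE: the SQL text is a fixed constant; the value is bound to the
    // @username placeholder as a typed, length-limited parameter and is
    // only ever treated as data, whatever characters it contains.
    public static int? FindUserId(string connectionString, string username)
    {
        const string sql = "SELECT Id FROM Users WHERE Username = @username";

        using var conn = new SqlConnection(connectionString);
        using var cmd = new SqlCommand(sql, conn);

        // Explicit type and size also avoid implicit conversions and
        // let the server cache one execution plan for every input.
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;

        conn.Open();
        object result = cmd.ExecuteScalar();
        return result is int id ? id : (int?)null;
    }
}
```

Note that `FindUserId` never builds a different statement for different inputs: the query text is identical on every call, and only the parameter value changes.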