To prevent SQL injection attacks, web applications should use ___________ statements or parameterized queries.

  • Dynamic SQL
  • Escaped Input
  • Prepared Statements
  • Sanitized Input

SQL injection is a type of cyber attack where malicious SQL code is inserted into input fields of a web application, allowing attackers to access and manipulate the database. Using prepared statements or parameterized queries is an effective defense against SQL injection because they allow the database to distinguish between code and data, preventing attackers from executing arbitrary SQL commands. Sanitizing input and using escaped input are also good practices but may not provide as robust protection as prepared statements.