Which of the follow...
 
Notifications
Clear all

Which of the following query optimization techniques would effectively prevent SQL Injection attacks?

1 Posts
1 Users
0 Likes
40 Views
Wilber
(@hevesywilber)
Noble Member
Joined: 7 months ago
Posts: 340
Topic starter  

A web developer wants to ensure that malicious users can't type SQL statements when they asked for input, like their username/userid.

Which of the following query optimization techniques would effectively prevent SQL Injection attacks?

  • A . Indexing.
  • B . Subset of records.
  • C . Temporary table in the query set.
  • D . Parametrization.

Show Answer Hide Answer

Suggested Answer: D

Explanation:

The correct answer is D: Parametrization. Parameterized SQL queries allow you to place parameters in an SQL query instead of a constant value. A parameter takes a value only when the query is executed, allowing the query to be reused with different values and purposes. Parameterized SQL statements are available in some analysis clients, and are also available through the Historian SDK.

For example, you could create the following conditional SQL query, which contains a parameter for the collector's name: SELECT* FROM ExamsDigest WHERE coursename=? ORDER BY tagname SQL Injection is best prevented through the use of parameterized queries.

   
Quote
Topic Tags
Share: