CISSP · Question #434
Which of the following is the BEST way to protect against structured Query language (SQL) injection?
The correct answer is D. Use stored procedures.. The best way to protect against SQL injection is to use stored procedures. SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to inject malicious SQL commands into the input fields or parameters of the application. The att
Question
Which of the following is the BEST way to protect against structured Query language (SQL) injection?
Options
- AEnforce boundary checking.
- BRestrict use of SELECT command.
- CRestrict Hyper Text Markup Language (HTNL) source code access.
- DUse stored procedures.
How the community answered
(21 responses)- A5% (1)
- B5% (1)
- D90% (19)
Explanation
The best way to protect against SQL injection is to use stored procedures. SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to inject malicious SQL commands into the input fields or parameters of the application. The attacker can then execute the SQL commands on the underlying database and access, modify, or delete the data. Stored procedures are precompiled SQL statements that are stored on the database server and can be invoked by the application. Stored procedures can prevent SQL injection by separating the SQL logic from the user input, validating the input parameters, and escaping the special characters that can alter the SQL syntax.
Topics
Community Discussion
No community discussion yet for this question.