How should you secure the queries?
You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
You need to prevent all SQL injection attacks against the application.
How should you secure the queries?
A . Implement parameterization.
B . Pattern check the input.
C . Filter out prohibited words in the input.
D . Escape single quotes on string-based input parameters.
Answer: A
Explanation:
With most development platforms, parameterized statements that work with parameters can be used (sometimes called placeholders or bind variables) instead of embedding user input in the statement. A placeholder can only store a value of the given type and not an arbitrary SQL fragment. Hence the SQL injection would simply be treated as a strange (and probably invalid) parameter value.
References:
Latest 70-486 Dumps Valid Version with 255 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund