You have a database in an Azure Cosmos DB Core (SQL) API account.
You need to create an Azure function that will access the database to retrieve records based on a variable named accountnumber. The solution must protect against SQL injection attacks.
How should you define the command statement in the function?
A. cmd = "SELECT * FROM Persons p
WHERE p.accountnumber = 'accountnumber'"
B. cmd = "SELECT * FROM Persons p
WHERE p.accountnumber = LIKE @accountnumber"
C. cmd = "SELECT * FROM Persons p
WHERE p.accountnumber = @accountnumber"
D. cmd = "SELECT * FROM Persons p
WHERE p.accountnumber = '" + accountnumber + "'"
Answer: C
Explanation:
Azure Cosmos DB supports queries with parameters expressed by the familiar @ notation. Parameterized SQL provides robust handling and escaping of user input, and prevents accidental exposure of data through SQL injection: the query text is fixed at authoring time and the variable travels separately as a typed value, so quotes or operators inside it can never change the WHERE clause. Option A compares the property to the literal string 'accountnumber' rather than to the variable, option B is not valid syntax (= and LIKE cannot be combined), and option D concatenates untrusted input straight into the query text, which is exactly the pattern that enables injection.
For example, you can write a query that takes lastName and address.state as parameters, and execute it for various values of lastName and address.state based on user input.
SELECT *
FROM Families f
WHERE f.lastName = @lastName AND f.address.state = @addressState
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/sql/sql-query-parameterized-queries
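As an added example (not part of the original question or of the Microsoft documentation it cites), the following Node.js code places option C beside option D so the difference is visible on real input. It builds the query-spec object that the @azure/cosmos SDK's container.items.query() accepts, and shows what a hostile accountnumber does to the concatenated variant. The Container is passed in rather than created, so the example runs offline against a fake; the assumption is that a real caller obtains it with new CosmosClient(connectionString).database("db").container("Persons").

```javascript
// Added example: parameterized Cosmos DB query (option C) beside the
// string-concatenation anti-pattern (option D). Not from the original page.

// Shape accepted by @azure/cosmos container.items.query():
// { query: string, parameters: [{ name: "@param", value: ... }] }.
// The query text is a constant; user input lives only in `parameters`.
function buildQuerySpec(accountnumber) {
  // Cosmos DB parameters are typed: the number 123 does not match the
  // string "123" stored in a document, so enforce the stored type here.
  if (typeof accountnumber !== "string") {
    throw new TypeError("accountnumber must be a string");
  }
  return {
    query: "SELECT * FROM Persons p WHERE p.accountnumber = @accountnumber",
    parameters: [{ name: "@accountnumber", value: accountnumber }],
  };
}

// Option D, kept only to show the failure mode: the input becomes part of
// the query text, so a quote inside it rewrites the WHERE clause.
function buildConcatenatedQuery(accountnumber) {
  return "SELECT * FROM Persons p WHERE p.accountnumber = '" + accountnumber + "'";
}

// The body an Azure Function would run. `container` is a @azure/cosmos
// Container (assumption: obtained by the caller as described in the lead-in).
async function getPersonsByAccount(container, accountnumber) {
  const spec = buildQuerySpec(accountnumber);
  const { resources } = await container.items.query(spec).fetchAll();
  return resources;
}

// Constructed hostile input: closes the string literal, then appends a
// tautology so every Person in the container matches.
const HOSTILE_INPUT = "' OR 1=1 OR ''='";

// True when concatenation has turned the single-literal comparison into a
// clause containing an OR, i.e. the filter has been widened by the input.
function concatenationIsTampered(input) {
  const sql = buildConcatenatedQuery(input);
  return /\bOR\b/i.test(sql.slice(sql.indexOf("WHERE")));
}

// True when the parameterized form sends the same query text regardless of
// input and carries the raw input as the parameter value.
function parameterizationKeepsQueryFixed(input) {
  const spec = buildQuerySpec(input);
  return spec.query === buildQuerySpec("x").query &&
    spec.parameters[0].value === input;
}

// Offline demo with a fake container that records what it was asked to run.
async function demo() {
  const recorded = [];
  const fakeContainer = {
    items: {
      query(spec) {
        recorded.push(spec);
        return { fetchAll: async () => ({ resources: [] }) };
      },
    },
  };
  await getPersonsByAccount(fakeContainer, HOSTILE_INPUT);
  console.log("parameterized query text:", recorded[0].query);
  console.log("value sent separately  :", recorded[0].parameters[0].value);
  console.log("concatenated would be  :", buildConcatenatedQuery(HOSTILE_INPUT));
}

demo();
```

Cosmos DB's SQL dialect only supports SELECT, so injection here cannot drop or modify data; the realistic impact is the one shown, a widened WHERE clause that returns other customers' records, which is why the documentation describes the risk as exposure of data.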