Injection
- Parameterized Queries
  - Send the SQL statement and the user-supplied values to the database separately (placeholders such as `?` or `:name`); the driver binds the input as data, so it can never change the structure of the query. This is the primary defence.
- Input Validation
  - Blacklist validation: search the input for a list of forbidden words or characters (quotes, comment markers, keywords such as OR/UNION) and reject anything that matches. Not effective on its own: the list has to be maintained as new bypasses appear, and case changes, inline comments or alternative encodings routinely slip past it.
  - Whitelist validation: specify the set of patterns or characters an input field is allowed to contain. Anything that doesn't match the pattern is rejected automatically. Preferred over blacklisting because it is defined by what is legitimate rather than by what is known to be bad.
- Database access control
  - Restrict the permissions of the database account the application uses to just what its legitimate use of the system requires (e.g. SELECT on the tables it reads, no DROP/ALTER, no access to other schemas). This limits the damage if an injection does get through; it does not prevent the injection itself.
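The four points above, shown side by side in an added example (not code from the original notes). It uses Python's built-in `sqlite3` with a constructed in-memory `users` table: a concatenated query that a blacklist-evading payload still breaks, the same lookup with a bound parameter, a regex whitelist, and a read-only authorizer standing in for a least-privilege database account (SQLite has no user accounts or GRANT, so the authorizer hook is a stand-in for what you would do with GRANT on a real server). The table, rows, blacklist and payloads are all made up for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed demo database: two users, entirely made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """String concatenation: the input becomes part of the SQL grammar."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Placeholder: the driver binds the value as data, so the query structure is fixed."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# A naive, hypothetical blacklist of the kind the notes describe (not a recommendation).
BLACKLIST = ("' OR ", "--", ";", "UNION")


def blacklist_ok(value):
    """Case-insensitive search for forbidden tokens; returns True if none are found."""
    upper = value.upper()
    return not any(token in upper for token in BLACKLIST)


# Whitelist: describe what a legitimate username looks like and reject everything else.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def whitelist_ok(value):
    return USERNAME_RE.fullmatch(value) is not None


def restrict_to_read_only(conn):
    """Least privilege for this connection: SELECT only, every write or DDL is denied.

    SQLite has no accounts, so the authorizer hook models what GRANT SELECT would
    give an application account on a real database server.
    """
    def authorizer(action, arg1, arg2, dbname, source):
        allowed = (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_TRANSACTION)
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)


def try_delete_all(conn):
    """Returns True if the connection was allowed to wipe the table, False if denied."""
    try:
        conn.execute("DELETE FROM users")
        return True
    except sqlite3.Error:
        return False


def demo():
    """Runs the comparison and returns the observations as a dict (constructed payloads)."""
    conn = make_db()
    blocked = "' OR '1'='1"        # caught by the blacklist
    bypass = "'/**/OR/**/'1'='1"   # same logic, spaces replaced by SQL comments
    results = {
        "blacklist_stops_obvious": not blacklist_ok(blocked),
        "blacklist_misses_bypass": blacklist_ok(bypass),
        "vulnerable_rows_for_bypass": len(lookup_vulnerable(conn, bypass)),
        "parameterized_rows_for_bypass": len(lookup_parameterized(conn, bypass)),
        "whitelist_rejects_bypass": not whitelist_ok(bypass),
        "whitelist_accepts_alice": whitelist_ok("alice"),
    }
    restrict_to_read_only(conn)
    results["delete_allowed_after_restriction"] = try_delete_all(conn)
    results["rows_still_present"] = len(lookup_parameterized(conn, "bob"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The comment-based payload is the point of the blacklist entry: the list catches `' OR ` but SQLite treats `/**/` as whitespace, so the concatenated query still returns every row, while the parameterized lookup returns nothing because the whole payload is compared as a literal username. The authorizer does not stop the injection; it only ensures that a statement which does get through cannot do more than read.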