Thursday, November 15, 2012

The Best Way to Prevent SQL Injection

If you use a framework of some sort, you probably haven't thought about SQL injection for some time – in fact it almost seems dated to even discuss it. However, security should never be overlooked, and it's important not to trust third-party applications and people by default! So what is the best way to prevent SQL injection?

Have you noticed that I haven't named a particular language? That is deliberate, because at the end of the day every language should be able to follow this paradigm…

When dealing with data that arrives either through the URL or via a user-submitted form, the best way to prevent SQL injection is to use prepared SQL statements or parameterized queries in whatever language you are using: the SQL text stays fixed, and the user's value is bound to it as data rather than spliced into the query string.