
Medium · Debug · Q14 of 15
SQL - Security Basics
Identify the error in this SQL query construction using string concatenation: query = "SELECT * FROM users WHERE id = " + userId; where userId is a string input.
A. Using plus sign for concatenation is invalid in SQL.
B. No error; query is correct.
C. Query is safe from SQL injection.
D. Missing quotes around userId value causing syntax error.
Step-by-Step Solution
Solution:
  1. Step 1: Check how userId is inserted in query

    The query concatenates userId without quotes, so if userId is a string, SQL syntax breaks.
  2. Step 2: Understand SQL string literal requirements

    String values must be enclosed in single quotes in SQL to be valid.
  3. Final Answer:

    Missing quotes around userId value causing syntax error. -> Option D
  4. Quick Check:

    String values need quotes = B [OK]
Quick Trick: String inputs need quotes in SQL queries [OK]
Common Mistakes:
  • Thinking plus sign is invalid in code
  • Assuming query is safe from injection
  • Ignoring that missing quotes cause errors
