SQL - Security Basics
Which of the following SQL query constructions is syntactically correct and safe from injection?
Which of the following SQL query constructions is syntactically correct and safe from injection?
easy📝 Syntax Q3 of 15
Step-by-Step Solution
Solution:
Step 1: Review each option's syntax and safety
SELECT * FROM users WHERE name = '" + userInput + "'; uses string concatenation, vulnerable to injection. SELECT * FROM users WHERE name = userInput; treats userInput as a column, causing error. SELECT * FROM users WHERE name = CONCAT(userInput); misuses CONCAT function.Step 2: Identify the safe parameterized query
SELECT * FROM users WHERE name = ?; uses a placeholder '?', which is standard for parameterized queries and safe.Final Answer:
SELECT * FROM users WHERE name = ?; -> Option AQuick Check:
Safe syntax = parameter placeholder [OK]
Quick Trick: Use '?' placeholders for safe parameterized queries [OK]
Common Mistakes:
- Using string concatenation with quotes
- Confusing variables with column names
- Misusing SQL functions for input
Master "Security Basics" in SQL
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore SQL Quizzes