Which secure coding practice most directly mitigates SQL injection?
A CISSP practice question covering Domain 8: Software Development Security. Try answering before reading the explanation below.
Why "Parameterized queries with prepared statements" is the right answer
Parameterized queries separate SQL syntax from user-supplied values, so untrusted input is always treated as data: it cannot terminate a string literal and be parsed as SQL syntax. Stored procedures and ORMs also work, provided they pass values as parameters rather than concatenating them into the query text. Compiler settings, connection-pool sizes, and password hashing do not address the injection mechanism at all.