How it works...
The main part of preventing any kind of code injection attack is always a proper input validation, both on the client side and the server side.
For SQL Injection, always use parameterized or prepared queries instead of concatenating SQL sentences and inputs. Parameterized queries insert function parameters in specified places of an SQL sentence, eliminating the need for programmers to construct the query themselves by concatenation.
In this recipe, we have used and recommended the language's built-in validation functions, but you can create your own if you need to validate a special type of input using regular expressions.
Apart from performing a correct validation, we also need to reduce the impact of the compromise in case ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access