So far, we have seen that SQL injections are very dangerous; they also occur very easily and are very easy to find. We will find them everywhere, even in really famous websites. People try to prevent these vulnerabilities using filters. Filters can make it look like there are no exploits, but if we actually try harder, by using different types of encoding, or a proxy, we will be able to bypass most of these filters. Some programmers use a blacklist so, for example, they prevent the use of union and the insert statement. Again, it's not 100% secure, and it can be bypassed. Using a whitelist has exactly the same issues as a blacklist.

The best way to prevent SQLi is to program our web application so that it does not allow ...