Chapter 8. Code-Level Defenses
Solutions in this chapter:
▪ Using Parameterized Statements
▪ Validating Input
▪ Encoding Output
▪ Canonicalization
▪ Designing to Avoid the Dangers of SQL Injection
Summary
Solutions Fast Track
Frequently Asked Questions
Introduction
In Chapters 4 through 7, we focused on ways to exploit SQL injection. But how do we fix it? And how do we prevent SQL injection in our applications going forward? Whether you're a developer with an application that is vulnerable to SQL injection or a security professional who needs to advise your client, there is a reasonably small number of things you can do at the code level to reduce or eliminate the threat of SQL injection.
This chapter ...
Get SQL Injection Attacks and Defense now with the O’Reilly learning platform.