From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Parameterized queries
- [Instructor] Parameterized queries offer another technique to protect applications against injection attacks. In a parameterized query, the client does not directly send SQL code to the database server. Instead, the client sends arguments to the server, which then inserts those arguments into a pre-compiled query template. This approach protects against injection attacks and also improves database performance. Stored procedures are an example of an implementation of parameterized queries used by some database platforms. Let's take a look at an example; I'm using Azure Data Studio to access a SQL Server database, and this database has a table called customers that contains contact information for a business's customers. I can write a SQL query to show me all of the customers located in Texas. I'm going to issue the select command and say I'd like to select all fields from the customers table, where the customer state…
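The "customers in Texas" query from the lesson, shown both ways as an added example (this is not the course's own code): first built by concatenating the state value into the SQL text, then as a parameterized query where the SQL template is fixed and the value travels separately as an argument. An in-memory SQLite database stands in for the SQL Server database used in the video; the customers table, its rows, and the injection payload are constructed sample data.

```python
"""Parameterized query vs. string-built query (added example, not from the course).

SQLite stands in for SQL Server; the table, rows and payload below are
constructed for the demonstration.
"""
import sqlite3

# Constructed sample data standing in for the course's customers table.
CUSTOMERS = [
    (1, "Alice Nguyen", "Austin", "TX"),
    (2, "Bob Okafor", "Dallas", "TX"),
    (3, "Carol Diaz", "Denver", "CO"),
]

# Constructed attacker input: closes the quoted string and makes the
# WHERE clause true for every row.
PAYLOAD = "TX' OR '1'='1"


def setup_db():
    """Create an in-memory database with a small customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, name TEXT, city TEXT, state TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", CUSTOMERS)
    conn.commit()
    return conn


def customers_by_state_unsafe(conn, state):
    """Vulnerable: the client assembles SQL text from untrusted input.

    The database cannot tell which characters were meant to be the value
    and which were meant to be SQL, so the payload rewrites the query.
    """
    sql = "SELECT name FROM customers WHERE state = '" + state + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def customers_by_state_safe(conn, state):
    """Parameterized: the SQL template is fixed; the value is bound separately.

    The driver sends the template and the argument as distinct items, so the
    payload is compared literally against the state column and matches nothing.
    """
    sql = "SELECT name FROM customers WHERE state = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (state,))]


def main():
    conn = setup_db()
    print("unsafe, normal input :", customers_by_state_unsafe(conn, "TX"))
    print("unsafe, payload      :", customers_by_state_unsafe(conn, PAYLOAD))
    print("safe,   normal input :", customers_by_state_safe(conn, "TX"))
    print("safe,   payload      :", customers_by_state_safe(conn, PAYLOAD))


if __name__ == "__main__":
    main()
```

With the normal input both functions return the two Texas customers. With the payload the string-built query returns every row, because the attacker-controlled text became part of the WHERE clause, while the parameterized query returns nothing, because the whole payload was treated as one state value to compare against. The same separation of template and arguments is what a stored procedure or a prepared statement gives you on SQL Server.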
Contents
- Input validation (2m 46s)
- Parameterized queries (3m 35s)
- Authentication and session management issues (2m 41s)
- Data protection (3m 39s)
- Output encoding (3m 55s)
- Error and exception handling (3m 52s)
- Code repositories (6m 29s)
- Code signing (2m 50s)