From the course: CompTIA Security+ (SY0-601) Cert Prep: 2 Secure Code Design and Implementation

Parameterized queries

- [Instructor] Parameterized queries offer another approach that protects applications against injection attacks. In a parameterized query, the client does not directly send SQL code to the database server. Instead, the client sends arguments to the server, which then inserts those arguments into a pre-compiled query template. This approach protects against injection attacks and also improves database performance. Stored procedures are an example of an implementation of parameterized queries used by some database platforms. Let's take a look at an example. I am using Azure Data Studio to access a SQL Server database. This database has a table called customers that contains contact information for a business' customers. I can write a SQL query to show me all of the customers located in the state of Texas. I'll write select star from the customers table, where the customer state equals Texas, and when I execute this…
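The point the instructor makes, that a parameterized query sends the value separately from the SQL text so the database only ever treats it as data, is easiest to see by running the two query styles side by side. The following is an added example and not code from the course; it uses Python's built-in sqlite3 module with a small constructed customers table standing in for the SQL Server table shown in Azure Data Studio, and the hostile input string is likewise constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: a tiny "customers" table standing in for the
# SQL Server table the lesson queries in Azure Data Studio.
SAMPLE_CUSTOMERS = [
    (1, "Alice", "Texas"),
    (2, "Bob", "Ohio"),
    (3, "Carol", "Texas"),
    (4, "Dan", "Nevada"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, state TEXT)"
    )
    # executemany itself uses a parameterized INSERT: one template, many argument tuples.
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def customers_in_state_concat(conn: sqlite3.Connection, state: str) -> list:
    """Vulnerable form: the user-supplied value is pasted into the SQL text,
    so the database cannot tell where the query ends and the data begins."""
    sql = "SELECT name FROM customers WHERE state = '" + state + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def customers_in_state_param(conn: sqlite3.Connection, state: str) -> list:
    """Parameterized form: the SQL template is fixed and the value travels
    separately as a bound parameter, so it is always treated as data."""
    sql = "SELECT name FROM customers WHERE state = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (state,))]


if __name__ == "__main__":
    conn = build_db()
    honest = "Texas"
    # Constructed hostile input: it closes the string literal and appends a
    # condition that is always true, so the concatenated query matches every row.
    hostile = "Texas' OR '1'='1"
    print("concat, honest :", customers_in_state_concat(conn, honest))   # Texas customers only
    print("concat, hostile:", customers_in_state_concat(conn, hostile))  # every customer leaks
    print("param,  honest :", customers_in_state_param(conn, honest))    # Texas customers only
    print("param,  hostile:", customers_in_state_param(conn, hostile))   # no state has that literal name
```

The parameterized function never changes its SQL text, which is exactly what lets the server keep a single compiled plan for it, the performance benefit the instructor mentions. The `?` placeholder style shown here is also what the pyodbc driver uses when talking to SQL Server, so the same pattern carries over to the database in the lesson.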
