An analyst determines that harmful content introduced through user-submitted fields caused a backend data query to run in ways never intended. Which method is the best choice to prevent these exploits and allow valid requests to continue working?
Lock down all external submissions by discarding them
Use parameter placeholders for all requests that include external fields
Record all client data in a log for post-event analysis
Return detailed technical information when queries fail
Binding outside data through parameter placeholders keeps commands separate from content, so submitted values cannot alter the query. The other approaches in the list do not address the core reason behind the exploit: discarding all input is too broad because it also blocks valid requests, logging alone does not protect the service, and returning detailed error information can reveal the system’s weaknesses.