When developing a web application that requires the interaction with a relational database, which method is the BEST for manipulating and retrieving database information while adhering to good security practices?
Utilize a database API with prepared statements and parameterized queries.
Build SQL queries by directly concatenating user inputs to construct dynamic queries.
Create and exclusively use stored procedures for all interactions from the web application.
Employ command-line tools to execute database statements from within the application code.
Using a database API allows an application to communicate with the database server programmatically, offering a secure and standardized method for performing database operations like query execution and data manipulation. It abstracts the complexity and helps prevent SQL injection attacks by using prepared statements and parameterized queries. On the other hand, building SQL queries by directly concatenating user inputs can be prone to SQL injection attacks. Using command-line tools is not practical for a web application because it is not dynamic and can be insecure if proper precautions are not taken. While stored procedures are a secure way to execute pre-defined SQL statements, they are not a direct method of achieving programmatic access from a web application.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are prepared statements and how do they enhance security?
Open an interactive chat with Bash
Can you explain what an API is in the context of databases?
Open an interactive chat with Bash
What is SQL injection and why is it a security risk?