An attacker cannot perform a SQL injection attack if a web application's input fields are limited to predefined choices such as drop-down menus and radio buttons.
An attacker can still craft a SQL injection attack even if a web application's input fields offer only predefined choices. Attackers may manipulate these inputs by intercepting the HTTP request and modifying the values before they are sent to the server or by using other attack vectors that don't rely on user input fields, like exploiting database vulnerabilities directly. Therefore, relying solely on predefined choices is not sufficient to prevent SQL injection attacks.