An attacker cannot perform a SQL injection attack if a web application's input fields are limited to predefined choices such as drop-down menus and radio buttons.
An attacker can still craft a SQL injection attack even if a web application's input fields offer only predefined choices. Attackers may manipulate these inputs by intercepting the HTTP request and modifying the values before they are sent to the server or by using other attack vectors that don't rely on user input fields, like exploiting database vulnerabilities directly. Therefore, relying solely on predefined choices is not sufficient to prevent SQL injection attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SQL injection and how does it work?
Open an interactive chat with Bash
What are some methods to protect against SQL injection attacks?
Open an interactive chat with Bash
What are HTTP requests, and how can they be intercepted in attacks?