An analyst determines that harmful content introduced through user-submitted fields caused a backend data query to run in ways never intended. Which method is the best choice to prevent these exploits and allow valid requests to continue working?
Lock down all external submissions by discarding them
Use parameter placeholders for all requests that include external fields
Return detailed technical information when queries fail
Record all client data in a log for post-event analysis
Using parameter placeholders for outside data keeps commands separate from content, so submitted values cannot alter the query. The other approaches in the list do not address the core reason behind the exploit: restricting all inputs is too broad, logging alone does not protect the service, and broadcasting error information can reveal the system’s weaknesses.