During a review of a web application, a team highlights that user-supplied data might be used to run unintended commands. Developers implemented input checks for each field. Which approach best strengthens those checks to limit harmful queries reaching the database?
Restrict traffic based on IP address ranges
Add parameterized calls so that the database distinguishes between code and user values
Enforce logging on every request to detect suspicious activity
Enable strong password complexity for all user accounts
Enforcing parameterized calls ensures that user-supplied values are not treated as executable statements. This applies controls that stop harmful input from changing how queries run. Other approaches are valuable security measures but do not directly mitigate the risk of improperly executed parameters or commands within the database calls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are parameterized calls in database queries?
Open an interactive chat with Bash
How do parameterized calls prevent SQL injection attacks?
Open an interactive chat with Bash
Are parameterized calls supported by all databases?