Extending the Defense Beyond Prepared Statements
In this lesson, we will look at the defense against SQL injections.
Limitations of prepared statements
Prepared statements are great because they’re nearly bulletproof. The downside is that not every part of a SQL statement can be parameterized. Table names, for instance, cannot be parameterized. There’s no way to write a prepared statement like this:
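As an added example, not taken from the lesson, the Python `sqlite3` code below shows the driver rejecting a placeholder in the table-name position, and one common way to handle a caller-chosen table: check the identifier against a fixed allow-list before building the SQL text, while values stay bound as parameters. The schema, table names and function names are constructed for illustration.

```python
import sqlite3

# Constructed allow-list: the only tables callers may query (hypothetical names).
ALLOWED_TABLES = {"users", "orders"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users (name) VALUES ('alice'), ('bob');
        INSERT INTO orders (name) VALUES ('widget');
        """
    )
    return conn


def placeholder_table_rejected(conn):
    """Return True if the driver refuses a placeholder in the table position."""
    try:
        conn.execute("SELECT name FROM ? WHERE id = ?", ("users", 1))
    except sqlite3.OperationalError:  # the statement fails to compile
        return True
    return False


def fetch_names(conn, table, row_id):
    """Query a caller-chosen table: identifier allow-listed, value bound."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table!r}")
    # Interpolation is acceptable here only because `table` has just been
    # matched against our own constant strings; it is never raw user text.
    sql = f'SELECT name FROM "{table}" WHERE id = ?'
    return [row[0] for row in conn.execute(sql, (row_id,))]


if __name__ == "__main__":
    db = make_db()
    print(placeholder_table_rejected(db))
    print(fetch_names(db, "users", 1))
```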