This is a control. To view all controls, please see the Control Category page.
Query parameterization is a way of building database queries in application code so that the SQL text and the values supplied to it are kept apart. The query first defines all static SQL code, and then each parameter is passed to the query in a separate section of code. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied, and successfully defends against SQL Injection.
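The difference between concatenating input into SQL and binding it as a parameter, shown as an added example that is not part of the original page. It uses Python's standard `sqlite3` module; the `users` table, its rows and the function names are constructed for illustration. It also goes one step beyond the text to show that only values can be bound, so identifiers such as a sort column need an allowlist.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def find_user_concatenated(conn, name):
    """Unsafe: input is spliced into the SQL text, so the parser sees it as code."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_parameterized(conn, name):
    """Safe: the SQL text is static and the value is bound separately as data."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def find_users_sorted(conn, role, sort_column):
    """Placeholders bind values only; identifiers must come from an allowlist."""
    allowed = {"id", "name"}
    if sort_column not in allowed:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"SELECT name FROM users WHERE role = ? ORDER BY {sort_column}"
    return [row[0] for row in conn.execute(sql, (role,))]

if __name__ == "__main__":
    conn = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input that contains SQL syntax
    # Concatenation lets the input rewrite the WHERE clause: every row matches.
    print("concatenated :", find_user_concatenated(conn, hostile))
    # Binding compares the whole string against the name column: no row matches.
    print("parameterized:", find_user_parameterized(conn, hostile))
    # A legitimate value with a quote works when bound, with no escaping needed.
    print("o'brien      :", find_user_parameterized(conn, "o'brien"))
    print("sorted users :", find_users_sorted(conn, "user", "name"))
```
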
- SQL Injection
- Code Injection
- XPATH Injection
- Interpreter Injection
- Comment Injection Attack
- Argument Injection or Modification
- Cross-site Scripting (XSS)
- Cross Site History Manipulation (XSHM)
- Regular expression Denial of Service - ReDoS
- Cross Site Tracing