Difference between revisions of "Parameterized Command Interface"
Line 6: | Line 6: | ||
* PreparedStatement in Java | * PreparedStatement in Java | ||
− | |||
[[Category: Control]] | [[Category: Control]] |
Revision as of 18:50, 27 October 2008
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
A parameterized command interface is an alternative to a string-based command interface. It prevents injection attacks by keeping parameters separate from the command itself.
Examples of parameterized command interfaces include:
- PreparedStatement in Java
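
The difference between the two interface styles, shown as an added example that is not part of the original article: it uses Python's standard `sqlite3` module, whose `?` placeholders bind values the same way `PreparedStatement` does in Java. The table, rows, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    return db

def find_string_based(db, name):
    # String-based interface: the value is spliced into the command text,
    # so the SQL parser decides where the data ends and the command resumes.
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in db.execute(query)]

def find_parameterized(db, name):
    # Parameterized interface: the command text is constant and the value is
    # passed separately as a bound parameter, so it is never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (name,))]

def compare(name):
    """Run both lookups on a fresh database; a SQL error is reported by class name."""
    db = make_db()
    try:
        try:
            string_result = find_string_based(db, name)
        except sqlite3.Error as exc:
            string_result = type(exc).__name__
        return string_result, find_parameterized(db, name)
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed inputs: an ordinary value, a value that rewrites the WHERE
    # clause when concatenated, and a legitimate name containing a quote.
    for value in ["bob", "x' OR '1'='1", "o'brien"]:
        string_result, param_result = compare(value)
        print(f"{value!r:18} string-based={string_result!r} parameterized={param_result!r}")
```

The third input shows that the string-based form is also a correctness problem: a legitimate name containing a quote breaks the statement, while the bound parameter matches it exactly.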