From the course: CCSP Cert Prep: 4 Cloud Application Security
Parameterized queries
- [Instructor] Parameterized queries offer another approach that protects applications against injection attacks. In a parameterized query, the client does not directly send SQL code to the database server. Instead, the client sends arguments to the server, which then inserts those arguments into a precompiled query template. This approach protects against injection attacks, and also improves database performance. Stored procedures are an example of an implementation of parameterized queries used by some database platforms. Let's take a look at an example. I'm using Azure Data Studio to access a SQL Server database. This database has a table called Customers that contains contact information for a business's customers. I can write a SQL query to show me all of the customers located in the state of Texas. I'll write select star from the customers table where the customer state equals Texas, and when I execute this code I see…
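The contrast the transcript describes, as an added example that is not part of the course material: the same state lookup built by string concatenation and as a parameterized query. It assumes Python's `sqlite3` with an in-memory database standing in for the SQL Server database, and the column names, rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the column names are assumptions, not the course's schema.
ROWS = [
    ("Ada Reyes", "ada@example.com", "Texas"),
    ("Ben Cho", "ben@example.com", "Ohio"),
    ("Cy Patel", "cy@example.com", "Texas"),
]


def make_db():
    """Build an in-memory Customers table (stand-in for the SQL Server one)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Customers (name TEXT, email TEXT, customer_state TEXT)"
    )
    conn.executemany("INSERT INTO Customers VALUES (?, ?, ?)", ROWS)
    return conn


def by_state_concatenated(conn, state):
    # Weak form: the value becomes part of the SQL text, so the database
    # parses whatever the caller supplied as query syntax.
    sql = ("SELECT name FROM Customers WHERE customer_state = '"
           + state + "' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def by_state_parameterized(conn, state):
    # Parameterized form: the template is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT name FROM Customers WHERE customer_state = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (state,))]


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input that contains SQL syntax
    for label, fn in (("concatenated", by_state_concatenated),
                      ("parameterized", by_state_parameterized)):
        print(label, "Texas   ->", fn(conn, "Texas"))
        print(label, "hostile ->", fn(conn, hostile))
```

For ordinary input both functions return the same rows; only the concatenated form changes its result set when the input contains quote characters.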
Contents
- Secure coding guidance (1m 59s)
- Input validation (2m 37s)
- Parameterized queries (3m)
- Authentication and session management issues (1m 49s)
- Output encoding (3m 13s)
- Error and exception handling (3m)
- Code signing (2m 8s)
- Database security (3m 53s)