Which statement is true regarding an SQL consultant's use of user input as part of a dynamic SQL query?
A. SQL consultants recommend that the string be URL encoded by the input form to prevent errors.
B. SQL consultants should use the String.format() method to prevent injection.
C. SQL consultants should escape quotes to protect against SQL injection.
D. Free text input should not be allowed, to avoid SQL injection.
Discussion: Use the string format to prevent injections and hijacking.