Extending the Defense Beyond Prepared Statements

In this lesson, we will look at the Defense against SQL injections.

Limitations of prepared statements #

Prepared statements are great because they’re nearly bulletproof. The downside is that not every part of a SQL statement can be parameterized. Table names, for instance, cannot be parameterized. There’s no way to write a prepared statement like this:

Get hands-on with 1200+ tech skills courses.