Extending the Defense Beyond Prepared Statements
In this lesson, we will look at the Defense against SQL injections.
We'll cover the following
Limitations of prepared statements #
Prepared statements are great because they’re nearly bulletproof. The downside is that not every part of a SQL statement can be parameterized. Table names, for instance, cannot be parameterized. There’s no way to write a prepared statement like this:
Get hands-on with 1200+ tech skills courses.