Skills Measured 5.5.3 Sample Question
A SQL injection attack occurs when an application allows input submitted by the client to be run as part of a SQL command. What actions should a developer take to ensure that this doesn’t happen? (Choose all that apply.)
- A. Use Entity SQL because it does not suffer from the same risk.
- B. Use SQLParameters to submit the parameters.
- C. Use Linq-to-Entities to access the database,
- D. Filter out keywords and symbols.