Preventing SQL injection attacks

SQL injection is not an accidental design bug but a deliberate attack: the attacker supplies input that the application turns into part of a SQL statement. Database developers must follow secure-coding practices when writing PL/SQL code. Where the PL/SQL code itself cannot be modified, the application layer that calls it can still validate and constrain inputs to reduce the attack surface.

Let's take a brief look at the precautionary measures to minimize injection attacks:

  • Check your dynamic SQL: Dynamic SQL, whose query text is built at runtime and embeds user-supplied input directly, is the weakest point in the application. You can protect it against injection attacks through either of these techniques:
    • Reduce the direct exposure of client inputs to dynamic SQL: You can sanitize and validate the client-supplied inputs ...
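The following is an added example, not code from the book, showing the dynamic-SQL weakness described above and two ways Oracle gives you to close it: passing the value as a bind variable with EXECUTE IMMEDIATE ... USING, and, where the input must become an identifier rather than a value, validating it with DBMS_ASSERT before it enters the statement text. The table and column names (EMPLOYEES, LAST_NAME, SALARY) and the procedure names are assumed for illustration.

```sql
-- Added example (not from the book). Assumes a table EMPLOYEES(LAST_NAME, SALARY);
-- the object and procedure names are illustrative.

-- Vulnerable: the client value is concatenated into the statement text, so a
-- single quote in the input closes the literal and whatever follows it is run
-- as SQL (for example  x' OR '1'='1  rewrites the WHERE clause).
CREATE OR REPLACE PROCEDURE get_salary_unsafe (p_last_name IN VARCHAR2) IS
  l_sql    VARCHAR2(4000);
  l_salary NUMBER;
BEGIN
  l_sql := 'SELECT salary FROM employees WHERE last_name = ''' || p_last_name || '''';
  EXECUTE IMMEDIATE l_sql INTO l_salary;
  DBMS_OUTPUT.PUT_LINE('Salary: ' || l_salary);
END;
/

-- Hardened: the value travels as a bind variable. The statement text is fixed
-- at compile time and the input is treated as data, never as SQL.
CREATE OR REPLACE PROCEDURE get_salary_safe (p_last_name IN VARCHAR2) IS
  l_sql    VARCHAR2(4000);
  l_salary NUMBER;
BEGIN
  l_sql := 'SELECT salary FROM employees WHERE last_name = :name';
  EXECUTE IMMEDIATE l_sql INTO l_salary USING p_last_name;
  DBMS_OUTPUT.PUT_LINE('Salary: ' || l_salary);
END;
/

-- Identifiers (table or column names) cannot be bound, so when the client chooses
-- one it must be validated before concatenation. DBMS_ASSERT.SQL_OBJECT_NAME
-- raises ORA-44002 unless the input names an existing object, which rejects
-- injected fragments such as  employees WHERE 1=1 UNION SELECT ...
CREATE OR REPLACE PROCEDURE count_rows_safe (p_table IN VARCHAR2) IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SQL_OBJECT_NAME(p_table)
    INTO l_count;
  DBMS_OUTPUT.PUT_LINE(p_table || ': ' || l_count);
END;
/
```

Binding is the preferred fix wherever the input is a value, because it removes the need to reason about quoting at all; DBMS_ASSERT (SQL_OBJECT_NAME, SIMPLE_SQL_NAME, ENQUOTE_NAME, ENQUOTE_LITERAL) covers the cases where the input has to become part of the statement text itself. Both rely on the procedure's own code being changed; if that is not possible, the same validation has to happen in the calling application before the value reaches the database.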
