
Advanced Oracle PL/SQL Developer's Guide - Second Edition by Saurabh K. Gupta


Preventing SQL injection attacks

SQL injection is not a design flaw in the database but a deliberate attack technique. Database developers must follow secure coding practices when writing PL/SQL. Where the code itself cannot be changed, hardening at the application interface layer can also reduce the attack surface.

Let's take a brief look at the precautionary measures to minimize injection attacks:

  • Check your dynamic SQL: Dynamic SQL whose statement text is built at runtime directly from user-supplied input creates an exploitable weak point in the application. You can protect it against injection attacks with either of these techniques:
    • Reduce the direct exposure of client inputs to dynamic SQL: You can sanitize and validate the client-supplied inputs ...
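As an added illustration (not code from the book), the same lookup written first with the client input spliced into the statement text and then in a hardened form that passes the value as a bind variable and validates a non-bindable identifier with DBMS_ASSERT; the emp table with ename and sal columns and both function names are assumptions:

```sql
-- Constructed example: the same query written two ways.

-- Vulnerable pattern: the caller's input becomes part of the SQL text,
-- so whatever it contains is parsed as SQL rather than compared as data.
CREATE OR REPLACE FUNCTION get_salary_unsafe (p_ename IN VARCHAR2)
  RETURN NUMBER
IS
  l_sql VARCHAR2(4000);
  l_sal NUMBER;
BEGIN
  l_sql := 'SELECT sal FROM emp WHERE ename = ''' || p_ename || '''';
  EXECUTE IMMEDIATE l_sql INTO l_sal;
  RETURN l_sal;
END;
/

-- Hardened pattern: the value travels as a bind variable (USING), so the
-- statement text never changes with the input. A table name cannot be
-- bound, so it is checked with DBMS_ASSERT.SIMPLE_SQL_NAME before it is
-- concatenated; anything that is not a plain identifier raises ORA-44003.
CREATE OR REPLACE FUNCTION get_salary_safe (
  p_ename IN VARCHAR2,
  p_table IN VARCHAR2 DEFAULT 'EMP')
  RETURN NUMBER
IS
  l_sql VARCHAR2(4000);
  l_sal NUMBER;
BEGIN
  l_sql := 'SELECT sal FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
        || ' WHERE ename = :ename';
  EXECUTE IMMEDIATE l_sql INTO l_sal USING p_ename;
  RETURN l_sal;
END;
/
```

Reviewing existing code for the first shape (string concatenation feeding EXECUTE IMMEDIATE, OPEN ... FOR, or DBMS_SQL.PARSE) is a quick way to find the hitch points the section describes.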
