Defending against SQL Injection
How to prevent attacks?
- Eliminate dynamically built SQL and DML statements wherever possible.
- Replace them with predefined statements or view objects that use bind variables.
  - A bind variable is passed to the database as data, separately from the statement text, so characters such as quotes or comment markers in a user-supplied value can never change the structure of the statement.
  - DBAs are happy too: the statement text is identical on every call, so the database parses it once and reuses the execution plan instead of hard-parsing a new statement for every distinct input value.
- If you still need to build SQL dynamically (for example when a table or column name must vary, which bind variables cannot express):
  - Validate every value that comes from users before it touches the statement, preferably against an allow-list of the exact values you expect rather than a deny-list of "bad" characters.
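The three points above as a runnable illustration. This is an added example, not code from the original slides; it uses Python's built-in sqlite3 instead of an Oracle database, and the accounts table, the lookup_* functions and the ALLOWED_SORT_COLUMNS allow-list are constructed for the example.

```python
import sqlite3

# Constructed sample data (not from the original slides): an in-memory
# accounts table where a user should only ever see their own row.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 2500)])
    return conn

def lookup_dynamic(conn, owner):
    # VULNERABLE: dynamically built SQL. The user's string becomes part of the
    # statement text, so a quote in it changes the statement's structure.
    sql = "SELECT id, owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_bound(conn, owner):
    # SAFE: predefined statement with a bind variable (? placeholder). The value
    # is shipped as data, never parsed as SQL, and the statement text is the
    # same on every call so the database can reuse its parsed plan.
    sql = "SELECT id, owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

# Hypothetical allow-list for the one thing that still has to be built
# dynamically here: an ORDER BY column name (identifiers cannot be bound).
ALLOWED_SORT_COLUMNS = {"id", "owner", "balance"}

def lookup_sorted(conn, owner, sort_column):
    # Dynamic SQL that cannot be avoided: validate the user-controlled identifier
    # against an allow-list before concatenating it; the value is still bound.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"refusing unexpected sort column: {sort_column!r}")
    sql = ("SELECT id, owner, balance FROM accounts WHERE owner = ? "
           f"ORDER BY {sort_column}")
    return conn.execute(sql, (owner,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "alice' OR '1'='1"          # classic tautology injection
    print("dynamic:", lookup_dynamic(db, payload))   # leaks bob's row as well
    print("bound:  ", lookup_bound(db, payload))     # no row has that literal owner
    print("sorted: ", lookup_sorted(db, "alice", "balance"))
    try:
        lookup_sorted(db, "alice", "balance; DROP TABLE accounts")
    except ValueError as e:
        print("rejected:", e)
```

Running it shows the same payload returning both accounts through the concatenated query and nothing through the bound one; the bound version does not need any quoting or escaping logic because the database never sees the value as SQL. The allow-list in lookup_sorted is the pattern for the residual cases: validate, then concatenate only the vetted identifier, and keep every actual value in a bind variable.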