DB2
👁 0

Q: How to prevent SQL injection?

Answer:
Use parameter markers (?), not concatenation. PREPARE stmt FROM 'SELECT * FROM t WHERE c = ?'. EXECUTE stmt USING :hostvar. Never build SQL with user input directly. Validate input. Use static SQL when possible.
injection security parameterized