Exam 70-486 topic 1 question 75 discussion

Actual exam question from Microsoft's 70-486
Question #: 75
Topic #: 1

You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
You need to prevent all SQL injection attacks against the application.
How should you secure the queries?

  • A. Implement parameterization.
  • B. Pattern check the input.
  • C. Filter out prohibited words in the input.
  • D. Escape single quotes on string-based input parameters.
Suggested Answer: A
With most development platforms, parameterized statements (sometimes called placeholders or bind variables) can be used instead of embedding user input in the statement text. A placeholder can only hold a value of the given type, never an arbitrary SQL fragment, so an injection attempt is simply treated as a strange (and probably invalid) parameter value.
Reference:
https://en.wikipedia.org/wiki/SQL_injection#Parameterized_statements
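To make the distinction between options A and D concrete, the following is an added illustration (not part of the exam page or of any ASP.NET sample): it uses Python's standard-library SQLite driver and a constructed Orders table to run the same lookup three ways, showing that string concatenation leaks every row, that escaping quotes does nothing for an unquoted numeric parameter, and that a placeholder treats the payload as a plain value.

```python
import sqlite3

# Constructed sample data: orders for two customers.
SAMPLE_ORDERS = [("alice", 1, 19.99), ("alice", 2, 5.00), ("bob", 3, 42.50)]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database standing in for the application's order store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Orders (customer TEXT, order_id INTEGER, amount REAL)")
    conn.executemany("INSERT INTO Orders VALUES (?, ?, ?)", SAMPLE_ORDERS)
    return conn


def orders_unsafe(conn, customer):
    # Vulnerable: the input is spliced into the SQL text, so a quote in the
    # input changes the structure of the statement itself.
    sql = f"SELECT order_id FROM Orders WHERE customer = '{customer}' ORDER BY order_id"
    return [row[0] for row in conn.execute(sql)]


def orders_escaped_numeric(conn, order_id):
    # Option D (escape single quotes) is not a complete defense: this numeric
    # parameter is never quoted, so an input like "1 OR 1=1" needs no quote.
    escaped = order_id.replace("'", "''")
    sql = f"SELECT order_id FROM Orders WHERE order_id = {escaped} ORDER BY order_id"
    return [row[0] for row in conn.execute(sql)]


def orders_parameterized(conn, customer):
    # Option A: the placeholder can only hold a value; the driver never parses
    # the input as SQL, so the payload is just a customer name that matches nothing.
    sql = "SELECT order_id FROM Orders WHERE customer = ? ORDER BY order_id"
    return [row[0] for row in conn.execute(sql, (customer,))]


def demo():
    conn = make_db()
    payload = "alice' OR '1'='1"  # constructed textbook payload
    return {
        "unsafe": orders_unsafe(conn, payload),                 # leaks every order
        "escaped_numeric": orders_escaped_numeric(conn, "1 OR 1=1"),
        "parameterized": orders_parameterized(conn, payload),   # no such customer
        "parameterized_legit": orders_parameterized(conn, "alice"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:20} -> {rows}")
```

The same property holds for SqlCommand.Parameters in ASP.NET: the parameter value travels separately from the statement text, so no amount of quoting in the input can alter the query.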

Comments

arohh
4 years, 5 months ago
Answer is: implement parametrization
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)