Query Parameterization

Description
Query parameterization refers to building database queries in application code so that the structure of the SQL statement is fixed before any user-supplied value is attached to it. Query parameterization first defines all static SQL code, and then passes each parameter to the query in a separate section of code. This coding style allows the database to distinguish between code and data, regardless of what user input is supplied, and successfully defends against SQL Injection.
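The following added example (not part of the original page) shows the two styles side by side using Python's standard-library `sqlite3` module, which is an assumption for illustration. The table and rows are constructed sample data. `lookup_concat` splices the input into the SQL text, so a value containing a quote changes the statement's structure; `lookup_param` keeps the SQL fixed and binds the value separately, so the same input is treated purely as data and matches nothing.

```python
import sqlite3

# Constructed sample data for the demonstration; not a real application.
USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
]


def make_db():
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    # Bulk insert also uses placeholders; the values are never in the SQL text.
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_concat(conn, username):
    """Vulnerable: user input is spliced into the SQL text.

    The database receives one string and cannot tell which part was
    written by the developer and which part came from the user.
    """
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, username):
    """Parameterized: the SQL statement is static and the value is bound.

    The `?` placeholder is part of the fixed query; the tuple passed as the
    second argument is sent to the engine as data, so quotes or SQL keywords
    in `username` never alter the statement's structure.
    """
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that contains SQL syntax
    print("concatenated:", lookup_concat(db, probe))   # returns every row
    print("parameterized:", lookup_param(db, probe))   # returns no rows
```

The same pattern applies to any driver that supports bound parameters: the placeholder syntax differs (`?`, `%s`, `:name`, `$1`), but in every case the statement text is sent once and the values travel alongside it rather than inside it.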

Related Attacks

 * SQL Injection
 * Code Injection
 * XPATH Injection
 * Interpreter Injection
 * Comment Injection Attack
 * Argument Injection or Modification
 * Cross-site Scripting (XSS)
 * Cross Site History Manipulation (XSHM)
 * Regular expression Denial of Service - ReDoS
 * Cross Site Tracing