Difference between revisions of "Parameterized Command Interface"

Line 6: Line 6:
* PreparedStatement in Java
* PreparedStatement in Java
[[Category: Control]]
[[Category: Control]]

Revision as of 12:50, 27 October 2008

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

A parameterized command interface is used as an alternative to a string-based command interface. This type of interface prevents Injection attacks by keeping parameters separate from the command itself.

Examples of parameterized command interfaces include:

  • PreparedStatement in Java