Examine the following PL/SQL statements:
Stmt=’SELECT session_id FROM sessions WHERE ‘|| p_where_stmt;
Identify a solution for preventing SQL injection in the above code.
A. Replace P_WHERE_STMT with a bind variable
B. Do not use APIs that allow arbitrary query parameters to be exposed
C. Use the RESTRICT_REFERENCES clause in the PL/SQL subprogram that contains the code
D. Use DBMS_SQL to detect that the expression provided for P_WHERE_STMT is free from SQL injection
|
Download Printable PDF. VALID exam to help you PASS. |
 |