Consider this method declaration:
A) "SET SESSION AUTHORIZATION " + user
B) "SET SESSION AUTHORIZATION " + stmt.enquoteIdentifier(user)
Is A or B the correct replacement for <EXPRESSION> and why?
A. A, because it sends exactly the value of user provided by the calling code.
B. B, because enquoting values provided by the calling code prevents SQL injection.
C. A and B are functionally equivalent.
D. A, because it is unnecessary to enclose identifiers in quotes.
E. B, because all values provided by the calling code should be enquoted.
A
b
B cannot be correct because enquoteIdentifier() has 2 params.
enquoteIdentifier(String identifier, boolean alwaysQuote)