You have to protect yourself against SQL injections. What should you do?
A. Parse all input for: -- /* */ ; '
B. Concatenate user input that is not validated.
C. Accept the following strings in fields from which file names can be constructed: AUX, CLOCK$, COM1 through COM8, CON, CONFIG$, LPT1 through LPT8, NUL, and PRN.
D. Use stored procedures with unfiltered input.
Correct Answer: A
Explanation/Reference:
When you can, reject input that contains the following characters.
• Query delimiter (;)
• Character data string delimiter (')
• Comment delimiter (--)
• Comment delimiters (/* … */). Text between /* and */ is not evaluated by the server.
• xp_: used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.
Read more: http://msdn.microsoft.com/en-us/library/ms161953.aspx
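
An added example, not part of the original page or of the Microsoft reference: a Python sketch that applies the reject list above and then binds the value as a query parameter. The customers table, the function names and the sample inputs are constructed for illustration, and sqlite3 stands in for SQL Server.

```python
import re
import sqlite3

# Tokens from the reject list above: ; ' -- /* */ and the xp_ name prefix.
REJECT = re.compile(r";|'|--|/\*|\*/|\bxp_", re.IGNORECASE)


def is_rejected(value: str) -> bool:
    """Return True when the input contains any token on the reject list."""
    return REJECT.search(value) is not None


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)",
                     [("Contoso",), ("Fabrikam",)])
    return conn


def find_customer(conn: sqlite3.Connection, name: str) -> list:
    """Screen the input first, then bind it as a parameter.

    The value is never concatenated into the statement text, so the
    filter is an extra layer and not the only control.
    """
    if is_rejected(name):
        raise ValueError("input contains a rejected token")
    cur = conn.execute("SELECT id, name FROM customers WHERE name = ?", (name,))
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed sample inputs. O'Brien is a legitimate name that the list
    # still rejects, which is why the guidance is qualified with "when you can".
    for sample in ["Contoso", "O'Brien", "Contoso'--", "a /* b */", "XP_cmdshell"]:
        try:
            print(repr(sample), "->", find_customer(db, sample))
        except ValueError as err:
            print(repr(sample), "-> rejected:", err)
```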