CompTIA CASP+ (CAS-004) — Question 488

A security architect discovers the following while reviewing code for a company's website:

selection = "SELECT Item FROM Catalog WHERE ItemID = " & Request("ItemID")

Which of the following should the security architect recommend?

Answer options

Correct answer: B

Explanation

The correct answer is B: query parameterization (prepared statements with bound parameters) prevents SQL injection by keeping the SQL statement text separate from the data the client supplies. In the code above, the value of Request("ItemID") is concatenated directly into the query string, so whatever the client sends becomes part of the SQL that the database executes. The other options do not address that root cause: client-side processing and URL encoding do not change what the server-side query does with the input, data normalization concerns database design rather than input handling, and blocking escape characters is an incomplete blacklist that does not reliably mitigate SQL injection in this context.
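The difference between the two approaches can be seen by running both against a small database. The following is an added example, not part of the exam question or its explanation; it uses Python's standard sqlite3 module and a constructed in-memory Catalog table with three rows (the table name and column names mirror the question; the row contents and the function names are assumptions for illustration). The first lookup reproduces the page's string-concatenation pattern; the second uses a bound parameter as the explanation recommends.

```python
import sqlite3

# Constructed sample data: a three-row Catalog table in an in-memory database.
def make_catalog():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Catalog (ItemID INTEGER PRIMARY KEY, Item TEXT)")
    conn.executemany(
        "INSERT INTO Catalog (ItemID, Item) VALUES (?, ?)",
        [(1, "Widget"), (2, "Gadget"), (3, "Gizmo")],
    )
    conn.commit()
    return conn

def lookup_concatenated(conn, item_id):
    # Mirrors the pattern in the question: the request value is spliced into
    # the SQL text, so the database cannot tell query from data.
    sql = "SELECT Item FROM Catalog WHERE ItemID = " + item_id
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, item_id):
    # The recommended fix: the statement is fixed, and the value is bound as
    # a parameter. The driver passes it to the engine as data, never as SQL.
    sql = "SELECT Item FROM Catalog WHERE ItemID = ?"
    return [row[0] for row in conn.execute(sql, (item_id,))]

if __name__ == "__main__":
    conn = make_catalog()
    # Normal request: both variants return the one matching row.
    print(lookup_concatenated(conn, "2"))     # ['Gadget']
    print(lookup_parameterized(conn, "2"))    # ['Gadget']
    # Constructed malformed request value: the concatenated query's WHERE
    # clause is rewritten and every row is returned; the parameterized query
    # treats the same text as a literal ItemID value and matches nothing.
    print(lookup_concatenated(conn, "1 OR 1=1"))   # ['Widget', 'Gadget', 'Gizmo']
    print(lookup_parameterized(conn, "1 OR 1=1"))  # []
```

The parameterized form also fails safely for other malformed values: because the input is never interpreted as SQL, a value that is not a valid ItemID simply matches no rows, which is the behaviour a defender wants from an item lookup.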