Developing ASP.NET MVC Web Applications — Question 111
You are developing an ASP.NET MVC application that uses forms authentication. The application uses SQL queries that display customer order data.
You need to prevent all SQL injection attacks against the application.
How should you secure the queries?
Answer options
- A. Implement parameterization.
- B. Pattern check the input.
- C. Filter out prohibited words in the input.
- D. Escape single quotes on string-based input parameters.
Correct answer: A
Explanation
The correct choice is A: parameterization separates SQL code from data, so input values are passed to the database as data and are never parsed as part of the query text, which prevents SQL injection. The other options may enhance security, but they do not provide the same level of protection against injection attacks as parameterized queries do.