Use parameterized statements, use prepared statements.
Description

When handling input meant to be passed directly into the interpreter:
Use strict mode for your language of choice (e.g. ES6 in NodeJS) and enable automatic type checking where possible (NodeJS has this). If you are using a typed language, make sure you properly validate the types of all inputs received from users or external sources. This applies both to data coming into the API and to data being returned to the user or client application(s). Using TypeScript also helps, because it provides static typing that is enforced at compile time rather than at runtime, as dynamic languages such as JavaScript do.
https://t.co/CUeUS1ffQr
