Examice

Exam 1z0-816 All QuestionsBrowse all questions from this exam

Go to Exam

Question 34

Consider this method declaration:

A) “SET SESSION AUTHORIZATION “ + user

B) “SET SESSION AUTHORIZATION “ + stmt.enquoteIdentifier(user)

Is A or B the correct replacement for and why?

A, because it sends exactly the value of user provided by the calling code.

B, because enquoting values provided by the calling code prevents SQL injection.

A and B are functionally equivalent.

A, because it is unnecessary to enclose identifiers in quotes.

B, because all values provided by the calling code should be enquoted.

Correct Answer: B

B is the correct replacement because enquoting values provided by the calling code prevents SQL injection. SQL injection is a common web application vulnerability that occurs when an attacker is able to manipulate a query by injecting malicious input. Using stmt.enquoteIdentifier(user) ensures that the user input is appropriately treated as an identifier, preventing any malicious manipulation.

Discussion

Sa16253748596Option: B

B is true