Training Camp • Cybersecurity Glossary
Parameterized Queries Definition: Parameterized queries, or prepared statements, separate SQL code from user input to prevent SQL injection, the top defense against injected queries.
Parameterized queries, also called prepared statements, are a database access technique that separates SQL code from user-supplied data by sending the query structure and the parameter values to the database independently. Because input is bound as data rather than concatenated into the query string, it cannot alter the query's logic, making this the primary defense against SQL injection. Most database drivers and frameworks support parameterization through placeholders bound at execution time.
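The difference between concatenating input into the query string and binding it as a parameter is easiest to see side by side. The following is an added example, not code from this glossary; it uses Python's standard-library sqlite3 driver, an in-memory database with constructed sample rows, and a constructed input containing a quote character to show how each form treats it.

```python
import sqlite3

# Constructed in-memory sample database for the demonstration (not a real system).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    conn.commit()
    return conn

def find_user_concatenated(conn: sqlite3.Connection, username: str) -> list:
    # Deliberately vulnerable form: the value is spliced into the SQL text,
    # so a quote character in the input becomes part of the query's logic.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]

def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Parameterized form: the SQL text carries a placeholder and the value is
    # bound separately at execution time, so it is always treated as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def demo() -> dict:
    conn = build_db()
    benign = "alice"
    # Constructed input: the quote closes the string literal in the
    # concatenated form; in the parameterized form it is just a character.
    hostile = "x' OR '1'='1"
    return {
        "concat_benign": find_user_concatenated(conn, benign),
        "concat_hostile": find_user_concatenated(conn, hostile),
        "param_benign": find_user_parameterized(conn, benign),
        "param_hostile": find_user_parameterized(conn, hostile),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the concatenated form the constructed input rewrites the WHERE clause and every row comes back; with the placeholder the same input is compared literally against the column and matches nothing. Note that placeholders bind values only: table or column names and sort direction cannot be parameterized, so any such identifier taken from a request still needs to be checked against a fixed allowlist before it is placed in the query text.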