What is the BEST defense against a Structured Query Language (SQL) injection attack?

A.
Regularly updated signature files

B.
A properly configured firewall

C.
An intrusion detection system

D.
Strict controls on input fields

Explanation:

Structured Query Language (SQL) injection involves the typing of programming command
statements within a data entry field on a web page, usually with the intent of fooling the application
into thinking that a valid password has been entered in the password entry field. The best defense
against such an attack is to have strict edits on what can be typed into a data input field so that
programming commands will be rejected. Code reviews should also be conducted to ensure that
such edits are in place and that there are no inherent weaknesses in the way the code is written;
software is available to test for such weaknesses. All other choices would fail to prevent such an
attack.