What is the preferred method for preventing SQL injection?
A.
Always using prepared statements for all SQL queries.
B.
Always using the available database-specific escaping functionality on all variables prior
to building the SQL query.
C.
Using addslashes() to escape variables to be used in a query.
D.
Using htmlspecialchars() and the available database-specific escaping functionality to
escape variables to be used in a query.