MISSION 247

Prepared Statements and SQL Injections

In this lesson, you'll learn about prepared statements, a SQL mechanism for safely setting up dynamic queries in which some of the query values are supplied as input by the user.

You'll also learn about SQL injections, attacks in which a user supplies input that is interpreted as part of the query, allowing them to execute a query of their own. Because SQL injections are a very common security problem, you will learn to avoid them when you are building an interface for users to query a database.

Knowing how to work with prepared statements and avoid SQL injections are both critical Postgres skills for data engineers, and getting them right will help protect your data from outside attackers and malicious actors. As you work through this lesson and learn these Postgres security concepts, you'll also be applying what you're learning in code, and getting your work checked by our answer-checker.

Objectives

  • Learn about prepared statements.
  • Learn about SQL injections and how to prevent them.

Mission Outline

1. Execute Method Placeholders
2. SQL Injections
3. Getting the Address
4. Avoiding SQL Injections
5. Prepared Statements
6. Prepared Statements Table
7. Runtime Gain
8. Next steps
9. Takeaways

postgres-for-data-engineers

Course Info:

Intermediate

The median completion time for this course is 5.2 hours.

This course requires a premium subscription. This course includes five missions, one installation tutorial and one guided project. It is the first course in the Data Engineer path.
