Which approach is the most effective way to prevent SQL injection attacks in application code?
-
A
Escaping all user input with a custom function
-
B
Using parameterized queries (prepared statements)
-
C
Validating that input contains no spaces
-
D
Encrypting the database connection string