What is the primary mechanism Drupal's Database API uses to prevent SQL injection attacks?
-
A
Regular expression validation on all user input before database operations
-
B
Prepared statements that separate SQL structure from user-supplied data
-
C
Escaping query strings with PHP's htmlspecialchars() function
-
D
Whitelisting allowed characters in all form field values