ISM-1276

Parameterised queries or stored procedures, instead of dynamically generated queries, are used by software for database interactions.

Topic
Software interaction with databases
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
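The following is an added illustration of the control stated above; it is not part of the ISM text. It uses Python's standard-library sqlite3 module with a constructed in-memory table to contrast a dynamically generated query (SQL text built by string concatenation) with a parameterised query (fixed SQL text, value bound separately). The table, rows and the sample input are all constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample database; the schema and rows are illustrative only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_dynamic(conn, username):
    # Dynamically generated query: the caller's input is spliced into the SQL text,
    # so the database engine cannot tell where data ends and SQL syntax begins.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterised(conn, username):
    # Parameterised query: the SQL text is fixed and compiled first; the value is
    # supplied through a placeholder, so quotes or keywords in it stay literal data.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed input containing a quote character and SQL keywords, of the kind a
# dynamically generated query would misinterpret as part of the statement.
UNTRUSTED_INPUT = "nobody' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    # Both forms agree on a benign value.
    print("dynamic, benign:      ", find_user_dynamic(db, "alice"))
    print("parameterised, benign:", find_user_parameterised(db, "alice"))
    # They diverge on the untrusted value: the dynamic form returns every row,
    # the parameterised form looks for a user literally named nobody' OR '1'='1.
    print("dynamic, untrusted:      ", find_user_dynamic(db, UNTRUSTED_INPUT))
    print("parameterised, untrusted:", find_user_parameterised(db, UNTRUSTED_INPUT))
```

The placeholder syntax differs by driver (`?` for sqlite3, `%s` for psycopg, named parameters elsewhere), but the property the control relies on is the same: the statement structure is fixed before any value is bound. Stored procedures provide the same separation when their bodies do not themselves concatenate arguments into dynamic SQL.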

History

Priority
should
Mar 2025
Parameterised queries or stored procedures, instead of dynamically generated queries, are used by software for database interactions.
The existing control recommending that parameterised queries or stored procedures, instead of dynamically generated queries, are used by web applications for database interactions was amended to expand its applicability from web applications to all applications.
Dec 2023
Parameterised queries or stored procedures, instead of dynamically generated queries, are used by web applications for database interactions.
The existing control relating to the use of parameterised queries or stored procedures instead of dynamically generated queries was reworded.
Mar 2023
Parameterised queries or stored procedures, instead of dynamically generated queries, are used for database interactions.
An existing control relating to the use of parameterised queries or stored procedures for database interactions was reworded to reduce confusion.
2015
Parameterised queries or stored procedures should be used for database interaction instead of dynamically generated queries.