I’m in the midst of applying SQL parameters to my project to prevent SQL Injection.
Do I add parameters to every query in my application, including the queries that don’t have any user interaction?
For example, say my user wanted to search for a keyword and submitted a text field. I’ve added the parameterized method to the query that used that keyword, to stop the user adding something malicious. But underneath this query is another query, which gets the keyword ID from the top search and runs its own little query elsewhere.
This is what’s confusing to me, do I add the parameter method to this query too, even though the keyword ID wasn’t from the user?
Many thanks
Yes, use parameterized queries in any place you have parameters.
The fact that today no user input is used on a specific query doesn’t mean tomorrow will be the same. Code changes. Perhaps a malicious user will figure out how to compromise the first query and then the second one.
You should think about defense in depth.
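An added illustration of the answer's point, not code from the question or the answer: a two-step lookup like the one described, written against a constructed in-memory SQLite schema (tables `keywords` and `articles` and the sample rows are assumptions for this example). The first step binds the user's keyword as a parameter, exactly as the question says. The second step then takes a value that came back from the database and splices it into SQL text, and that is enough for a stored value to change the meaning of the second query (second-order injection), even though the user's input never touched it directly. An integer ID from the database is harder to abuse than the string used here, but the same rule covers both: anything you put into SQL is a parameter.

```python
import sqlite3


def build_db():
    """Constructed sample database for the example (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.executescript(
        """
        CREATE TABLE keywords (id INTEGER PRIMARY KEY, term TEXT UNIQUE);
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, keyword_id INTEGER);
        """
    )
    # Both terms are stored safely via a parameterized INSERT. The second one is
    # a constructed "hostile" term, e.g. a tag some user created earlier. It does
    # no harm in the database; it only matters once a later query concatenates it.
    cur.executemany(
        "INSERT INTO keywords(term) VALUES (?)",
        [("python",), ("x' OR '1'='1",)],
    )
    cur.executemany(
        "INSERT INTO articles(title, keyword_id) VALUES (?, ?)",
        [("Intro to Python", 1), ("Secret draft", 2)],
    )
    conn.commit()
    return conn


def lookup_keyword(conn, user_keyword):
    """Step 1 from the question: the user-facing search, already parameterized."""
    row = conn.execute(
        "SELECT id, term FROM keywords WHERE term = ?", (user_keyword,)
    ).fetchone()
    return row  # (id, canonical_term) or None


def search_unsafe(conn, user_keyword):
    """Step 2 built by string concatenation.

    The spliced value (canonical_term) came from the database, not the request,
    which is exactly the case the question asks about. A stored term containing
    a quote rewrites the WHERE clause and the query returns every article.
    """
    row = lookup_keyword(conn, user_keyword)
    if row is None:
        return []
    _keyword_id, canonical_term = row
    sql = (
        "SELECT a.title FROM articles a "
        "JOIN keywords k ON k.id = a.keyword_id "
        f"WHERE k.term = '{canonical_term}'"
    )
    return [r[0] for r in conn.execute(sql)]


def search_safe(conn, user_keyword):
    """Step 2 parameterized: the SQL text is constant, the value is bound."""
    row = lookup_keyword(conn, user_keyword)
    if row is None:
        return []
    _keyword_id, canonical_term = row
    sql = (
        "SELECT a.title FROM articles a "
        "JOIN keywords k ON k.id = a.keyword_id "
        "WHERE k.term = ?"
    )
    return [r[0] for r in conn.execute(sql, (canonical_term,))]


if __name__ == "__main__":
    db = build_db()
    hostile = "x' OR '1'='1"
    print("unsafe:", search_unsafe(db, hostile))  # leaks every article
    print("safe:  ", search_safe(db, hostile))    # only the one matching article
```

Run it and compare the two result lists for the hostile term: the concatenated version returns both titles because the stored term turned `k.term = '…'` into `k.term = 'x' OR '1'='1'`, while the bound version returns only the article actually tagged with that term. The data path from the first query to the second is the "compromise the first query and then the second one" scenario the answer warns about.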