🔒 AppSec & Secure Code Review Language

5 exercises — input validation, sanitisation, SAST/DAST, and secure code review vocabulary for developers and security engineers. Difficulty: Advanced

1 / 5

A Java code review finds this line:

String query = "SELECT * FROM users WHERE email = '" + email + "'";

The review comment reads: "This is vulnerable to SQL injection — use parameterised queries."

What does a parameterised query (prepared statement) mean?