KoreField

Input Validation and Injection Prevention

35 min Coding Lab
Learning objectives:
- Identify SQL injection vulnerabilities in code
- Apply parameterised queries to prevent injection
- Validate and sanitise user input


Injection Attacks

Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query, so that the interpreter parses attacker-controlled input as part of its instructions rather than as plain data. SQL injection is the best known, but OS command injection, LDAP injection, and prompt injection in AI systems follow the same pattern: one channel carries both instructions and data, and the boundary between the two is lost.
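The same pattern in a command rather than a query, as an added example that is not part of the original lesson: a hostname from the user is spliced into a shell command line, and a `;` in the input lets the attacker run a second command. `echo` stands in for a real tool such as `ping` so the example is harmless and runs offline; the hostname allow-list regex is a simplified illustrative check, not a full RFC hostname validator.

```python
import re
import subprocess

# Added example (not code from the original lesson). 'echo' stands in for a real
# network tool such as ping so that the example is harmless and runs on any POSIX
# system. The hostname pattern is a deliberately simple illustrative allow-list.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def lookup_vulnerable(hostname):
    """VULNERABLE: the command line is built by concatenation and handed to /bin/sh,
    so ';', '|', '$(...)' and similar metacharacters in hostname are interpreted."""
    result = subprocess.run(
        f"echo resolving {hostname}", shell=True, capture_output=True, text=True
    )
    return result.stdout


def lookup_safe(hostname):
    """SAFE: no shell is involved and hostname is a single argv element, so shell
    metacharacters are just ordinary characters inside that one argument."""
    result = subprocess.run(
        ["echo", "resolving", hostname], capture_output=True, text=True
    )
    return result.stdout


def lookup_validated(hostname):
    """Defence in depth: reject input that is not a plausible hostname before it
    reaches any command, and still avoid the shell when running it."""
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    return lookup_safe(hostname)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"   # constructed attacker input
    print("vulnerable:", repr(lookup_vulnerable(payload)))
    print("safe:      ", repr(lookup_safe(payload)))
```

Run stand-alone, the vulnerable function prints a second line `INJECTED`, proving the shell executed the attacker's command; the safe function prints the whole payload as literal text after `resolving`. The validated version rejects the payload outright.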

Defence: Parameterised Queries

Parameterised queries (prepared statements) separate SQL code from data: the query text, containing only placeholders, is sent to the database engine first and compiled, and the values are bound afterwards, so the engine treats them purely as data and never parses them as SQL. This prevents SQL injection for every value passed as a parameter. Two caveats: a parameter can only stand in for a value, not for an identifier such as a table or column name, so those must be checked against an allow-list; and the protection is lost if the application builds the query string from user input before parameterising it, or if a stored procedure concatenates the bound value into dynamic SQL on the database side.
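The vulnerable query beside its parameterised form, as an added example that is not part of the original lesson. It uses Python's built-in `sqlite3` module with an in-memory database; the `users` table, its two rows and the plaintext passwords are constructed for illustration only (a real system stores password hashes). It also shows the allow-list check for an `ORDER BY` column, which a parameter cannot carry.

```python
import sqlite3

# Added example (not code from the original lesson). The table, rows and functions
# are constructed for illustration; a real application stores password hashes.


def make_db():
    """Build an in-memory SQLite database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """VULNERABLE: user input is spliced into the SQL text, so quotes and comment
    markers in the input change the query the engine parses."""
    sql = (
        f"SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterised(conn, username, password):
    """SAFE: the SQL text is fixed and holds only placeholders; the values are bound
    separately and are never parsed as SQL, whatever characters they contain."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# A parameter can stand in only for a value. A column name in ORDER BY cannot be
# bound, so it is validated against an allow-list before being interpolated.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users_sorted(conn, sort_by):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT username FROM users ORDER BY {sort_by}"
    return [row[0] for row in conn.execute(sql)]


def demo():
    """Run the classic authentication bypass against both implementations."""
    conn = make_db()
    bypass = "' OR '1'='1"   # constructed attacker input
    return {
        "vulnerable_bypass": login_vulnerable(conn, bypass, bypass),
        "parameterised_bypass": login_parameterised(conn, bypass, bypass),
        "parameterised_real_login": login_parameterised(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload `' OR '1'='1` in both fields, the vulnerable query becomes `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so both users are returned without a password. The parameterised version looks for a user literally named `' OR '1'='1` and returns nothing, while a genuine login still works. The `ORDER BY` helper rejects anything outside the allow-list, including `username; DROP TABLE users`.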

In AI systems, prompt injection arises from the same mistake: untrusted user content, or content retrieved from documents, web pages and tool output, is mixed with the system instructions in a single prompt. Keep user and retrieved content structurally separate from system instructions (for example, in distinct message roles), but note that, unlike a database engine, a language model enforces no hard boundary between instructions and data, so separation reduces the risk rather than eliminating it. Give the model only the tools and data it needs, and treat its output as untrusted input wherever it flows into other systems.

Key Takeaway

Never concatenate user input into queries or commands. Use parameterised queries for values, allow-list validation for anything a parameter cannot carry (identifiers, command arguments, file names), and output encoding wherever data is rendered for another interpreter.

Review Questions

1. Why do parameterised queries prevent SQL injection?