Identify two strategies against SQL injection. (Choose two.)
A.
Using parameterized queries with bind arguments.
B.
Use subprograms that are run with the definer’s right.
C.
Use RESTRICT_REFERENCE clauses in functions that use dynamic SQLs.
D.
Validate user inputs to functions that use dynamic SQLs built with concatenated values.
‘B’ is also correct rt? Why it is wrong
http://download.oracle.com/oll/tutorials/SQLInjection/html/lesson1/les01_tm_avoid.htm
A,D
why c) is incorrect? RESTRICT_REFERENCE can prevent runtime to modify table, packag variable.