Examine the following line of code that is part of a PL/SQL application:
stmt := 'SELECT session_id FROM sessions WHERE ' || p_where_stmt;
Identify a solution for preventing SQL injection in the above code.
A. Replace P_WHERE_STMT with a bind variable.
B. Do not use APIs that allow arbitrary query parameters to be exposed.
C. Use the RESTRICT_REFERENCES clause in the PL/SQL subprogram that contains the code.
D. Use DBMS_SQL to detect that the expression provided for P_WHERE_STMT is free from SQL injection.
Answer: B