Out of the following which one can be considered as a possible solutions for SQL injection vulnerability?
-
Data Validation
-
Secure Cookies
-
Encryption
-
Comprehensive exception handling
Data validation ensures that user input conforms to expected formats before being used in database queries, making it harder for attackers to inject malicious SQL code. Secure cookies, encryption, and exception handling are important security measures but they don't directly prevent SQL injection attacks. SQL injection specifically exploits unvalidated input concatenated into SQL statements.
SQL injection happens when untrusted input is concatenated into a query and interpreted as SQL syntax rather than plain data. Validating (and ideally parameterizing) input so it can't alter the query's structure directly closes this hole, whereas secure cookies, encryption, and exception handling address entirely different risks (session security, data confidentiality, and error disclosure respectively) and don't stop malicious query manipulation.