General Checks

General Checks

• All database queries use parameterized statements or prepared statements
• No string concatenation or interpolation in SQL queries
• Input validation is performed on all user inputs
• Dynamic table/column names are validated against allowlists
• Stored procedures don't use dynamic SQL internally