I am writing a C application that takes some user input and does a few database queries. I am well aware of the risks here of SQL injection and wish to prevent it.
I believe that you want to use prepared statements and parameter binding. Do not directly interpolate user data into your queries. See the MySQL manual for info on this.
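Added example (not from the question or the answer above): a small, self-contained demonstration of the difference between interpolating user input into the query text and binding it as a parameter. It uses Python's standard-library sqlite3 module so it runs offline with no database server; the table, rows and the two input strings are constructed here. In the C MySQL client API the same pattern is mysql_stmt_init / mysql_stmt_prepare / mysql_stmt_bind_param / mysql_stmt_execute, and the behaviour shown here is identical.

```python
import sqlite3


def make_db():
    """Constructed in-memory table with three sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("o'brien", "obrien@example.com"),  # legitimate name containing a quote
        ],
    )
    conn.commit()
    return conn


def lookup_interpolated(conn, name):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = "SELECT email FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    """Safe form: the query text is fixed; the value travels as a parameter."""
    sql = "SELECT email FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def interpolation_breaks_on_quote(conn):
    """Interpolation also fails on ordinary data: a name with an apostrophe
    produces malformed SQL. Returns True if the driver rejects the query."""
    try:
        lookup_interpolated(conn, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Run both forms against a benign and a constructed hostile input."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR 'a'='a"  # constructed sample input, not a real user
    return {
        "interpolated_benign": lookup_interpolated(conn, benign),
        # the WHERE clause is rewritten and matches every row
        "interpolated_hostile": lookup_interpolated(conn, hostile),
        "bound_benign": lookup_bound(conn, benign),
        # the whole string is compared as one literal value: no match
        "bound_hostile": lookup_bound(conn, hostile),
        "bound_quoted_name": lookup_bound(conn, "o'brien"),
        "interpolation_breaks_on_quote": interpolation_breaks_on_quote(conn),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second lookup function is the one the answer recommends: the SQL text never changes, so the database engine parses it once and treats whatever the caller passes as data, never as syntax. The apostrophe case shows that binding is also a correctness fix, not only a security one.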