Hello, on the SY0-501 practice exam page there's a question which asks me "Which secure coding technique ensures that improper data is not allowed into the program?" and the two choices that were presented to me that seemed to make any sense out of the four were error handling and stored procedures. So naturally I went ahead and chose stored procedures.
Got it wrong. This is the explanation it gave:
"Using properly written stored procedures protects the database from damage caused by SQL injection attacks, not invalid input."
Are SQL injection attacks not a form of invalid input? No one normally should expect SQL instructions to be passed into an input field. Is there something I'm missing here? Is the question focusing on only one type of invalid input?
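The distinction the quoted explanation draws, as an added example that is not part of the original post or the exam material: binding input as data keeps it from changing the SQL statement, but only input validation keeps improper data out of the program. SQLite has no stored procedures, so a parameterized statement stands in for one here; the table, the validation rules and the sample inputs are assumptions constructed for the illustration.

```python
import re
import sqlite3

# SQLite has no stored procedures; a parameterized statement stands in for one
# here (assumption), since both bind input as data instead of as SQL text.

NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,49}")


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    return db


def insert_user(db, name, age):
    """Parameterized insert: input cannot change the statement's structure."""
    db.execute("INSERT INTO users (name, age) VALUES (?, ?)", (name, age))


def validate_user(name, age):
    """Input validation: reject data outside what the program expects."""
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("name must be 1-50 letters, spaces, ' or -")
    if not isinstance(age, int) or isinstance(age, bool) or not 0 <= age <= 130:
        raise ValueError("age must be an integer from 0 to 130")
    return name, age


def run_demo():
    # Constructed sample inputs.
    samples = [("Alice", 30), ("Bob", -5), ("x'); DROP TABLE users; --", 41)]
    db = open_db()
    accepted = []
    for name, age in samples:
        insert_user(db, name, age)  # binding alone: every row is stored
        try:
            validate_user(name, age)
            accepted.append(name)
        except ValueError:
            pass
    stored = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return stored, accepted


if __name__ == "__main__":
    print(run_demo())
```

All three rows are stored and the table survives, because the bound statement treats the SQL-looking string as plain text, yet it also stores the negative age; only the validation step rejects both of those inputs.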