== Input validation alone is not enough!!

You need to do both use parametrized queries and validate the input received from the user. On StackOverflow you will
see alot of answers stating that input validation is enough. *However* it only takes you so far before you know it
the validation is broken, and you have an SQL injection in your application.

A nice read why it is not enough can be found https://twitter.com/marcan42/status/1238004834806067200?s=21

Let's repeat one of the previous assignments, the developer fixed the possible SQL injection with filtering, can you
spot the weakness in this approach?

Read about the lesson goal link:start.mvc#lesson/SqlInjectionAdvanced.lesson/2[here].