This lesson describes various mitigation mechanisms against SQL Injection.
Immutable Queries
These are the best defense against SQL injection. They either contain no data that could be interpreted as SQL, or they treat the data as a single value that is bound to the query without being interpreted as part of it.
Static Queries
SELECT * FROM products;
SELECT * FROM users WHERE user = "'" + session.getAttribute("UserID") + "'";
Parameterized Queries
String query = "SELECT * FROM users WHERE last_name = ?";
PreparedStatement statement = connection.prepareStatement(query); // connection: an open java.sql.Connection
statement.setString(1, accountName); // accountName is bound as data; it is never parsed as SQL
ResultSet results = statement.executeQuery();
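The following is an added example, not part of this lesson, that shows the same distinction in Python with the standard sqlite3 module instead of JDBC: a static query with no data, a parameterized query where the value is bound to the "?" placeholder, and, for contrast, the string-concatenation pattern the lesson warns against. The table contents are constructed sample data; the surname O'Brien is chosen because its apostrophe shows that a bound parameter is never interpreted as SQL, whereas the same value spliced into the query text breaks the statement.

```python
import sqlite3


def build_db():
    # Constructed sample data: an in-memory SQLite database with three users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, last_name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (last_name, email) VALUES (?, ?)",
        [
            ("Smith", "smith@example.test"),
            ("O'Brien", "obrien@example.test"),
            ("Lee", "lee@example.test"),
        ],
    )
    conn.commit()
    return conn


def list_all_users(conn):
    # Static query: the SQL text contains no data at all, so there is nothing to interpret.
    return conn.execute("SELECT last_name, email FROM users ORDER BY id").fetchall()


def find_by_last_name_param(conn, last_name):
    # Parameterized query: the driver binds last_name to the '?' placeholder as a single
    # value. Quotes or SQL keywords inside it are matched literally, never parsed as SQL.
    query = "SELECT last_name, email FROM users WHERE last_name = ?"
    return conn.execute(query, (last_name,)).fetchall()


def find_by_last_name_concat(conn, last_name):
    # Concatenated query (the pattern to avoid): the value becomes part of the SQL text,
    # so any quote character in it changes the structure of the statement.
    query = "SELECT last_name, email FROM users WHERE last_name = '" + last_name + "'"
    return conn.execute(query).fetchall()


def demo():
    # Runs each variant against the constructed data and collects the outcomes.
    conn = build_db()
    results = {
        "static": list_all_users(conn),
        "param_plain": find_by_last_name_param(conn, "Smith"),
        "param_quote": find_by_last_name_param(conn, "O'Brien"),
    }
    try:
        results["concat_quote"] = find_by_last_name_concat(conn, "O'Brien")
    except sqlite3.Error as exc:
        # The apostrophe terminates the string literal early and the statement no longer parses.
        results["concat_quote"] = "error: " + str(exc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The parameterized lookup returns the O'Brien row, while the concatenated version raises a database error for the very same input; in a real application that error is the visible symptom of the query text being rewritten by its data, which is exactly what binding the value to a placeholder prevents.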