Preventive Measure

  • To protect user input such as the username, course, and password, replace (or reject) the single-quote character (') in the input before it reaches the query, for example by substituting its XML entity form &apos;. The input can then no longer close the string literal the query wraps it in. This only covers the quote style the query actually uses: an expression that wraps input in double quotes needs the same treatment for the double-quote character, and any XPath operators the input contains are still passed through.
  • The better option is a parameterized query with parameterized input: the XPath expression is compiled once with placeholders (XPath variables such as $user and $pass), and the user input is bound to those variables at evaluation time. Because the input is supplied as a value rather than as part of the expression text, it cannot change the structure or logic of the query no matter what characters it contains.

XPath Injection

Injection attacks are among the most common attack classes: an attacker supplies input that the application interprets as code or as part of a query, so that the program runs unintended commands, reads or modifies a database, or alters data on a website. XPath is a query language for selecting nodes (elements, attributes, text) in an XML document by describing their position in the document tree. XPath injection is an attack on applications that build XPath queries by concatenating user input into the expression used to navigate an XML document. By inserting quote characters and XPath operators, the attacker changes the logic of the query, for example to bypass a login check or to read nodes the query was never meant to return.


Working:

Assume the following XML document is the data store of a university website. It holds one record per student with the name, username, course, and password, and a login to the site is checked by matching the submitted username, course, and password against those records...
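The login check described above and the two preventive measures listed earlier, as an added Java example (this is not code from the original article): the XML below is a constructed stand-in for the university's student file, vulnerableLogin() builds the query by string concatenation, and safeLogin() binds the same input through an XPathVariableResolver so it can only ever be a value. The class name, method names and sample records are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class XPathInjectionDemo {

    // Constructed sample document standing in for the university's student store.
    static final String STUDENTS_XML =
          "<students>"
        + "  <student><name>Alice Smith</name><username>alice</username>"
        + "           <course>CSE</course><password>s3cret</password></student>"
        + "  <student><name>Bob Jones</name><username>bob</username>"
        + "           <course>ECE</course><password>hunter2</password></student>"
        + "</students>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Unrelated to XPath injection, but any real XML loader should refuse DTDs (XXE).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return factory.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // VULNERABLE: user input is concatenated straight into the XPath expression.
    // A value such as   ' or '1'='1   closes the literal and rewrites the predicate,
    // so the query matches every <student> regardless of the stored password.
    static int vulnerableLogin(Document doc, String user, String pass) throws Exception {
        String expr = "//student[username/text()='" + user
                    + "' and password/text()='" + pass + "']";
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(expr, doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    // SAFE: the expression is compiled once with $user/$pass placeholders, and the
    // input is only ever supplied as the value of those variables. Quote characters
    // and XPath operators in the input are compared as ordinary string content.
    static int safeLogin(Document doc, String user, String pass) throws Exception {
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setXPathVariableResolver(name -> {
            switch (name.getLocalPart()) {
                case "user": return user;
                case "pass": return pass;
                default:     return null;   // unknown variable -> evaluation error, not silent success
            }
        });
        XPathExpression compiled =
                xpath.compile("//student[username/text()=$user and password/text()=$pass]");
        NodeList hits = (NodeList) compiled.evaluate(doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(STUDENTS_XML);
        String payload = "' or '1'='1";   // classic tautology payload, sent in both fields

        System.out.println("vulnerable, valid credentials: " + vulnerableLogin(doc, "alice", "s3cret"));
        System.out.println("vulnerable, tautology payload: " + vulnerableLogin(doc, payload, payload));
        System.out.println("safe, valid credentials:       " + safeLogin(doc, "alice", "s3cret"));
        System.out.println("safe, tautology payload:       " + safeLogin(doc, payload, payload));
    }
}
```

Compile and run with any JDK 8 or later (javac XPathInjectionDemo.java && java XPathInjectionDemo). With the tautology payload in both fields the concatenated query becomes //student[username/text()='' or '1'='1' and password/text()='' or '1'='1'], which is true for every student because the trailing '1'='1' is or-ed into the predicate, whereas the parameterized version compares the payload as a plain string and matches no record. The escaping option from the first bullet would also stop this particular payload, but only because this query wraps its input in single quotes; binding the input as a variable works however the expression is written, which is why it is the preferred fix.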

