
Remediation Steps

Follow the steps below to remediate this finding on Drupal.

  1. Use Drupal's database abstraction layer, which automatically escapes and parameterises MySQL queries.

  2. Review any custom modules that call db_query() with raw string interpolation, and replace those calls with the query builder or named placeholders.
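
The two steps above, shown as an added example (not code from this page or from Drupal itself): a query built by string interpolation, followed by the same lookup using a named placeholder and then the query builder. It assumes a bootstrapped Drupal 7 site, where db_query() and db_select() are available; the module name `mymodule` and its function names are hypothetical.

```php
<?php
// Hypothetical custom module "mymodule"; queries Drupal core's {node} table.

// BEFORE: the request value is interpolated into the SQL text, so the
// database parses it as part of the statement. This is the pattern to find
// when reviewing custom modules.
function mymodule_find_nodes_unsafe($title) {
  return db_query("SELECT nid, title FROM {node} WHERE title = '$title'")
    ->fetchAll();
}

// AFTER (named placeholder): the SQL text is constant and the value is
// passed separately, so it is bound as data and never parsed as SQL.
function mymodule_find_nodes_placeholder($title) {
  return db_query(
    'SELECT nid, title FROM {node} WHERE title = :title',
    array(':title' => $title)
  )->fetchAll();
}

// AFTER (query builder): condition() binds the value for you.
// Placeholders only cover values, not identifiers, so a caller-supplied
// sort column is checked against a fixed allow-list before use.
function mymodule_find_nodes_builder($title, $sort = 'created') {
  $allowed_sort = array('created', 'changed', 'title');
  if (!in_array($sort, $allowed_sort, TRUE)) {
    $sort = 'created';
  }
  return db_select('node', 'n')
    ->fields('n', array('nid', 'title'))
    ->condition('n.title', $title)
    ->orderBy('n.' . $sort, 'DESC')
    ->execute()
    ->fetchAll();
}
```

When reviewing, treat any db_query() call whose first argument contains a PHP variable or concatenation as a candidate for rewriting, even if the variable looks sanitised elsewhere.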