# SQL Injection Prevention Mechanism

### Q: What mechanisms does digiRunner use to prevent SQL Injection attacks?

**A:** digiRunner implements **basic SQL injection checks** directly at the gateway level to ensure API security.

#### **How it works:**

The system uses a lightweight safeguard designed to block requests containing specific risky characters known to be associated with common injection attacks. Specifically, the gateway inspects traffic and blocks inputs containing:

* **Single quotes** (`'`)
* **Semicolons** (`;`)

{% hint style="danger" %}
**Important Security Note:** These checks serve as a first line of defense against obvious attack attempts. However, digiRunner is not a substitute for a full-featured Web Application Firewall (WAF).

For comprehensive protection against advanced or complex SQL injection threats, we strongly recommend a **layered defense strategy**: combine digiRunner with a dedicated WAF or infrastructure-level security controls.
{% endhint %}
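
The layered approach recommended above, as an added example (not digiRunner's code): a Python model of the documented character check placed in front of a backend that binds input as a query parameter. The function names, the `customers` table and all sample values are constructed for illustration.

```python
import sqlite3

# Assumption: models only the documented behaviour (reject ' and ;).
# It is not digiRunner's implementation.
RISKY_CHARS = ("'", ";")


def gateway_allows(value: str) -> bool:
    """Return True when the value contains none of the blocked characters."""
    return not any(ch in value for ch in RISKY_CHARS)


def make_db() -> sqlite3.Connection:
    """Build an in-memory backend with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (ref TEXT PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("C-1001", "alice"), ("C-1002", "bob")],
    )
    return conn


def lookup_customer(conn: sqlite3.Connection, ref: str) -> list:
    """Backend layer: the input is bound as data, never concatenated into SQL."""
    return conn.execute(
        "SELECT name FROM customers WHERE ref = ?", (ref,)
    ).fetchall()


def handle(conn: sqlite3.Connection, value: str) -> tuple:
    """Gateway check first, then the parameterized backend query."""
    if not gateway_allows(value):
        return ("blocked", [])
    return ("forwarded", lookup_customer(conn, value))


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal reference, a legitimate surname that the
    # character check rejects, and a quote-free value that the check forwards
    # and that only the bound parameter keeps as plain data.
    for sample in ("C-1001", "O'Brien", "C-1001 OR 1=1"):
        print(repr(sample), handle(db, sample))
```

The character check rejects the legitimate surname and forwards the quote-free value, so the backend's parameter binding (or a WAF in front of it) remains the control that decides the outcome.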

***Keywords:** SQL Injection, Security Checks, WAF, Gateway Protection, Risky Characters*


