Blend this with organized statements and query parameterization, and you should have strong protection altogether. In Blind SQLi, we can never ever make sure that whether or not the injection exists within the page or not, so it’s entirely blind to us so we must rely on other procedures : https://reidponka.blogtov.com/10234761/the-smart-trick-of-cheat-slot-that-no-one-is-discussing
