prepared-statement, parameterized-query

Is there an error in the lack of an SQL injection attack?


If we use the most secure way of executing a query, such as a prepared statement or parameterized query, to prevent SQL injection attacks, is there a guarantee that no database error occurs while executing it? For example, sending an invalid parameter for a given type when inserting a record causes an error instead of using the default value. Can you give an example?


Solution

  • One example where parameterised queries don't prevent database errors is when a user provides input so long that it won't fit inside the database type, such as a 100,000-word essay in a username field limited to 50 characters.

    Also, parameterised queries won't protect against duplicate primary key errors if, say, a username they request on a registration form is already taken.

    Parameterised queries only ensure the values aren't interpreted as SQL; they won't prevent any other form of error (such as the SQL statement failing because the database is out of disk space).
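The two failure cases from the answer, as an added example that is not part of the original post or answer. It uses Python's built-in sqlite3 module with a constructed in-memory schema (the `users` table, its `CHECK` length limit and `role` default are assumptions for the demo, as is the `register` helper). The parameterised insert stores an injection payload as a harmless literal but still raises `IntegrityError` for a duplicate username or an over-long one; the string-spliced counterpart runs the same payload as SQL and drops the table.

```python
import sqlite3

# Constructed schema for this example. SQLite ignores VARCHAR(n) lengths,
# so the 50-character username limit is expressed as a CHECK constraint.
SCHEMA = """
CREATE TABLE users (
    username TEXT PRIMARY KEY CHECK (length(username) <= 50),
    role     TEXT NOT NULL DEFAULT 'user'
)
"""

# Constructed injection attempt: closes the string and statement, then adds its own.
PAYLOAD = "bob'); DROP TABLE users; --"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def register(conn, username):
    """Insert a user with a parameterised query.

    Returns "ok", "duplicate" or "too_long". The username is bound as data,
    so it is never parsed as SQL, but rows that violate a constraint are
    still rejected and reported as sqlite3.IntegrityError.
    """
    try:
        with conn:  # commits on success, rolls back on exception
            conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
        return "ok"
    except sqlite3.IntegrityError as exc:
        text = str(exc)
        if "UNIQUE" in text:      # "UNIQUE constraint failed: users.username"
            return "duplicate"
        if "CHECK" in text:       # "CHECK constraint failed: ..."
            return "too_long"
        raise


def register_unsafe(conn, username):
    """The vulnerable counterpart: the value is spliced into the SQL text.

    executescript is used because sqlite3's execute() refuses to run more
    than one statement, which would otherwise hide the injection in this demo.
    """
    conn.executescript(f"INSERT INTO users (username) VALUES ('{username}')")


def table_exists(conn, name):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def stored_usernames(conn):
    return [r[0] for r in conn.execute("SELECT username FROM users ORDER BY username")]


def role_of(conn, username):
    row = conn.execute("SELECT role FROM users WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(register(db, "alice"))       # ok; role falls back to the default 'user'
    print(register(db, "alice"))       # duplicate: parameters do not help here
    print(register(db, "a" * 51))      # too_long: nor here
    print(register(db, PAYLOAD))       # ok: the payload is stored as a literal string
    print(table_exists(db, "users"))   # True
    print(stored_usernames(db))
    register_unsafe(db, PAYLOAD)       # same payload, spliced into the SQL text
    print(table_exists(db, "users"))   # False: the table is gone
```

The point to take from the run is that `register` raises for exactly the cases the answer lists (duplicate key, value too long) even though it is injection-safe, so application code still needs to handle `IntegrityError` (and operational errors such as a full disk) rather than assuming a parameterised statement cannot fail.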