A. Snort signatures
C. Web and database design
The correct answer is C.
Firewalls provide little or no defense against SQL injection attacks because web sites require constant access to the database. Your website is public and firewalls must be set to allow every site visitor access to your database, usually over port 80/443.
The most commonly used SQL injection defense is made up of two components. First there is routine updating and patching of all servers, services and applications which of course has many advantages and is common practice. Then there is producing and using well written and well tested website code that disallows unexpected SQL commands.
Certified Ethical Hacker v9