InterSystems FAQ rubric
Countermeasures against SQL injection have been published on various websites, but we believe that it is possible to prevent SQL injection in applications using InterSystems SQL as well as other RDBMS by implementing these countermeasures appropriately. In addition, InterSystems Data Platform (hereinafter referred to as IRIS) incorporates several measures that make SQL injection more difficult than general RDBMS.