Examine the following PL/SQL statements: Stmt=`SELECT session_id FROM sessions WHERE `|| p_where_stmt; Identify a solution for preventing SQL injection in the above code. 

Answer options:

A. Replace P_WHERE_STMT with a bind variable
B. Do not use APIs that allow arbitrary query parameters to be exposed
C. Use the RESTRICT_REFERENCES clause in the PL/SQL subprogram that contains the code
D. Use DBMS_SQL to detect that the expression provided for P_WHERE_STMT is free from SQL injection

B