Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
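An added example, not part of the original post: it compares the quote-doubling from the question with parameter binding, in a string context and in a numeric context where the value is never wrapped in quotes. It assumes Python's built-in sqlite3 module as a stand-in for the ADO.NET command in the question (the `?` placeholders play the role of `@username` / `@password`); the table, rows and function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "o'brien")])
    return db

def escape_quotes(value):
    # Equivalent of Replace(inString, "'", "''") from the question.
    return value.replace("'", "''")

def lookup_escaped_string(db, username):
    # String context: the value sits inside '...', so doubled quotes
    # keep it inside the literal (true for SQLite; other engines add
    # further escape characters that this replace does not cover).
    sql = ("SELECT id FROM users WHERE username = '"
           + escape_quotes(username) + "'")
    return [row[0] for row in db.execute(sql)]

def lookup_escaped_numeric(db, user_id):
    # Numeric context: nothing wraps the value in quotes, so there is
    # no quote to double and the input is parsed as SQL.
    sql = "SELECT id FROM users WHERE id = " + escape_quotes(user_id)
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, user_id):
    # Parameterized: the SQL text is fixed and the value travels
    # separately, so it is only ever compared as data.
    sql = "SELECT id FROM users WHERE id = ?"
    return [row[0] for row in db.execute(sql, (user_id,))]

if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed input containing no quote at all
    print("escaped, string ctx :", lookup_escaped_string(db, "x' OR '1'='1"))
    print("escaped, numeric ctx:", lookup_escaped_numeric(db, hostile))
    print("parameterized       :", lookup_param(db, hostile))
```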
