Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
