Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
