Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
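An added example, not part of the original post: it runs the quote-doubling replacement from the question and a bound-parameter query side by side, so the difference shows up in the rows returned. It uses Python's sqlite3 in place of ADO.NET; the table, sample rows, function names and the test value are constructed for illustration.

```python
import sqlite3

def escape_quotes(value: str) -> str:
    # Equivalent of the post's Replace(inString, "'", "''")
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed sample data, held in memory only
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db

def by_name_escaped(db, username: str) -> list:
    # Quoted context: doubling keeps the whole value inside the string literal
    sql = ("SELECT username FROM users WHERE username = '"
           + escape_quotes(username) + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def by_id_escaped(db, user_id: str) -> list:
    # Unquoted numeric context: there is no quote to double, so the value
    # is still parsed as SQL text and can change the WHERE clause
    sql = ("SELECT username FROM users WHERE id = "
           + escape_quotes(user_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def by_id_param(db, user_id: str) -> list:
    # Parameterized: the SQL text is fixed and the value is bound as data
    sql = "SELECT username FROM users WHERE id = :id ORDER BY id"
    return [row[0] for row in db.execute(sql, {"id": user_id})]

def by_name_param(db, username: str) -> list:
    # No escaping needed: the apostrophe never reaches the SQL parser
    sql = "SELECT username FROM users WHERE username = :username ORDER BY id"
    return [row[0] for row in db.execute(sql, {"username": username})]

if __name__ == "__main__":
    db = make_db()
    odd_input = "0 OR 1=1"  # constructed test value for the numeric field
    print("escaped, quoted  :", by_name_escaped(db, "o'brien"))
    print("escaped, numeric :", by_id_escaped(db, odd_input))
    print("bound, numeric   :", by_id_param(db, odd_input))
    print("bound, quoted    :", by_name_param(db, "o'brien"))
```

With the concatenated numeric query, the test value returns every row even though it contains no quote character; with the bound parameter the same value is compared as a single piece of data and matches nothing.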
