Preventing SQL Injection

Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);

Your Answer:

Login to answer

Other forums

Problem Dereferencing
With these types and tables:

CREATE TYPE MANAGER AS OBJECT (
MGR_ID INTEGER,

links using header()
Hi All

I'm not sure where to ask for help on this but I hope someone can offer some. I'm at

Trouble with a select list
Hello All!
I was wondering if any of you guys could help me with a small problem I'm having!

please, need help coding this voting for your favorite car polling system.
hi, my code needs a lot of work, but i want to be able to let users vote on their favorite car, upda

CE 7.1 and External GIS integration
Hi All,

We want to develop an application on CE 7.1 which uses GIS features from an exter

Pipe email to PHP - get mail adress from MySQL - send?
Hi all,

this is the challenge:

1) Our faculty at the college where I'm employed includ

How to get exact 3 moths post date from today date using javascript
How to get exact 3 moths post date from today date using javascript
Please help

Text file to .Dat file Conversion in PHP
Hi All,
Could anybody provide code for Text file to .Dat file Conversion in PHP.

Tha

reading partial code from external site
Hi,

I am trying to write a script for my website to get an article from an external website.

ClientScript.RegisterClientScriptBlock Issue
This is what I haveview plaincopy to clipboardprint?Protected Sub posrback_Click(ByVal sender As Obj