Preventing SQL Injection

Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);

Your Answer:

Login to answer

Other forums

mysql select query problem
how can i select multiple fields from multiple table in one query like

i have table name t1 a

Problems with strings containing
Hey all,

I have encountered something strange in a script. I am trying to write an XML heade

A rank users order by points
I want to make an insert from table 'rank' , with number (rank) from the cod blow, to fild users.ran

reating a background image
I am building a site in drupal and have a php form in it, due to certain annoyances with module buil

Lack of simpleXML Documentation
What is up with this.

Look at: http://www.php.net/manual/en/function.simplexml-load-file.php<

storing video files into mysql in php
hi

i have my video files in my folder ,
i have to store the path of the videos into db an

simple php table loop
Hi all,

I've the following code

<?php // Create category options

storing results of a function - previous result overwritten with new result
I have created a function to validate input.

function validate_dimension($value,$name) {
<

ALV List Display to point to another report on Double Click
Hi,

I want my ALV List Display to point to another report on Double Click on its line ite

Show message after entering data
Hello Colleagues

I would like to display messages after entering the data example: "
dat