Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);
No comments posted yet

Your Answer:

Login to answer
202 Like 50 Dislike
Previous forums Next forums
Other forums

Login script (probably a simple error)
dbConfig.php
Code: <?
// Replace the variable values below
// with your specific dat

finding key position of specified value in multi-dimensional array
Code: $openedfile = fopen($tfc_file4, "r");
$rc = 1;
while(!feof($openedfile))
{<

Two warning messages
Quote<b>Warning</b>: mysql_real_escape_string() expects parameter 1 to

php mysql script to find record
Hi,

Currently I have a simple table with 4 columns. A, B, C, D

If I want to find all

Mail from PHP form not always ending up in my inbox?
Hi guys,

I'm a real newbie to PHP and have managed to put together a simple mail form that se

timezone change with date()
so i put all my times for posts in my made from scratch forum(not phpbb3 or sm)
in my mysql db u

generating all possible random letters
hi'

how can i randomize the letters a,b,c,d,e all possible ways, and i want to print the res

downloading a file as HTML
Hi.
I'm rather confused with forcing a download. I just want to save dynamic content (from $_SESS

Had a simple form script that suddenly stopped working
It was made about a year ago and had been working fine. Last time it was known to work for sure was

Oracle Connectivity
Hi Every One,

Can we access SAP from oracle database.If it possible then please spec

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash