Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);
No comments posted yet

Your Answer:

Login to answer
202 Like 50 Dislike
Previous forums Next forums
Other forums

Displaying image from database
Hi,

I've got a site where that's got a database behind it. Currently it has loads of items in

Syntax Help
Code:


im having trouble with that code snipped
Parse error: syntax error, unexpec

mail with attachment problems
Hi. I have the following code:
Code: else if(file_exists("site".$timp.".zip")

rookie looking for help coding a CSS form with PHP
I'm trying to figure out how to add PHP code to my xhtml form so that it is a working form embedded

what does this mean? +=
is anyone able to explain what this code is saying?

i had it written for me awhile back and n

natcasesort works on one server but not on another
Hi

I have a problem that I was hoping that someone can help me with.

I'm trying to use

Error when call dll from oracle
Hi all, please help me!

I have dll write C language, I want call it from oracle procedur

values in array being escaped
I would like to submit some values - back to the same form for checking before processing...

Array to string conversion
Can anyone help me with this?

Notice: Array to string conversion in /home/..../index.php on l

Get to know your fellow coder
I think it's time we got personal around here. There's a lot of code swapping and a few members kno

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash