Preventing SQL Injection

Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);

Your Answer:

Login to answer

Other forums

help countdown timers
hello every one,

I'd like to know how to insert many countdowns in the same page.
The dura

There was a problem with the request. (Code: 0)
Any Idea what could cause this? I get it randomly at best. But with both IE and FF. It derives from

DYNPRO_FIELD_CONVERSION
Hi gurus,

I got a dump when I run one of my program. the dump is described below:

simple php table loop
Hi all,

I've the following code

<?php // Create category options

PHP and SMS
Hi all forum members. I am new here and am unsure what category shoild I post this in.
Moderator

Referential Integrity problem when inserting into 2 tables at same time
Hello Everyone,

Im relativity new to PHP and MySQL and i have come up against a problem. i h

Text file to .Dat file Conversion in PHP
Hi All,
Could anybody provide code for Text file to .Dat file Conversion in PHP.

Tha

Please help with code for SMTP authenticated PHP email form
Hello, I'm creating a PHP email form, and for this particular server, I have to use SMTP Authenticat

JSON SORT WITH PHP
I have two products that I want to sort by say "Id:17, value: xxx" using php
The page w

help with multi-update
Now sure how to ask this really....
10g database if that matters.

I have a customer