Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

myCommand.Parameters.AddWithValue("@username", user);
myCommand.Parameters.AddWithValue("@password", pass);
