Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
