Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
