Preventing SQL Injection

Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);

Your Answer:

Login to answer

Other forums

Loop Through Date Range
Hi guys,
I have date range as parameter like 01/JAN/2009 TO 16/JAN/2009 now i want to loop thro

Firewall / visited websites logger
Hi. I have a firewall implementation and I want to log all the websites visited on the machine. S

is_dir() problem
Hello,

I'm buidling a php scripts that dynamically get's subfolders from a specific folder.

phpMailer will not connect using SMTP
I am trying to use phpMailer with smtp:

Code: [Select]$mailer = new PHPMailer();
$mailer-&

Help with usergroups? prolly really quick
So were coding our own forums for a game system we made an we have the users level setup but now I n

mysql UPDATE request not working and driving me crazy!!!
Hi,

I have been stuck on this for ages.

Quite simply I am trying to update my database

Big Problem!! Please help
Hi Guys,

Im making a website for a friend have encountered a really annoying problem. When ev

How to read posted binary data from a mobile device and post it to a web server?
Here is the senario...

I have a mobile device (MD) that posts binary data to a Web Server (WS

single values into sql field
i have a form which i want the user to able to select multiple answers. But i want the answers to be

EU VAT Package 2010
Does any one know whether SAP will be developing new reporting functionality due the new VAT rules t