Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL Injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
