Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection. In some of our code we use this:

Replace(inString, "'", "''")

Does this prevent all forms of SQL Injection? Also, what exactly do parameterized statements do?

myCommand.Parameters.AddWithValue("@username", user);
myCommand.Parameters.AddWithValue("@password", pass);