Preventing SQL Injection

Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);

Your Answer:

Login to answer

Other forums

Mail Form receiving emails with no content
Hi, I hope someone here can help me.
I have a simple form in my website, it was working OK, after

phpMailer will not connect using SMTP
I am trying to use phpMailer with smtp:

Code: [Select]$mailer = new PHPMailer();
$mailer-&

Website Direction...
I recently used this code to try and make it so the page loads as http://www.domain.com/ when you ty

What am I missing here? Help!
Hello all!. I can't seem to get this working right. Well - it renders right, but something is goin

ASP.NET Validation Event Cycle
Hi,
I have asp button as follow:

Table colours fail when extra row added
Hey Gurus,

I got a weird problem with formating the colour of a table made in php. Everything

Pulling out some result data from MYSQL
Hey Guys,

I've built a PHP page that has a for just imagine something like registration form

$action = "insert"; //$action = $_GET['action'];
$action = "insert";
//$action = $_GET['action'];

why is this invalid type? I am

Recode Abap Dynpro into Web Dynpro
Hi All,
A client has asked us to look at rearchitecting a custom transaction that was developed

Any decent php formatter/beautifier/pretty printer?
Any decent php formatter/beautifier/pretty printer class/function?

I found the following whil