Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
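Added example, not part of the original post: the two approaches from the question side by side, run against an in-memory SQLite database through Python's sqlite3 module (rather than ADO.NET) so it works without a database server. The table, the sample rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "pw1"), ("bob", "pw2"), ("o'brien", "pw3")])
    return conn

def escape_quotes(in_string):
    # Same idea as Replace(inString, "'", "''") in the question.
    return in_string.replace("'", "''")

def by_name_escaped(conn, name):
    # The value lands inside '...': doubling quotes keeps it inside the literal.
    sql = "SELECT username FROM users WHERE username = '" + escape_quotes(name) + "'"
    return [r[0] for r in conn.execute(sql)]

def by_id_escaped(conn, user_id):
    # The value lands outside any quotes: there is no quote to double,
    # so the input is parsed as SQL and can change the WHERE clause.
    sql = "SELECT username FROM users WHERE id = " + escape_quotes(user_id)
    return [r[0] for r in conn.execute(sql)]

def by_id_param(conn, user_id):
    # Parameterized: the SQL text is fixed and the value is bound separately,
    # so it is only ever treated as data, whatever characters it contains.
    cur = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,))
    return [r[0] for r in cur]

if __name__ == "__main__":
    db = make_db()
    hostile = "0 OR 1=1"  # constructed input containing no quote characters
    print("escaped, string context :", by_name_escaped(db, "x' OR '1'='1"))
    print("escaped, numeric context:", by_id_escaped(db, hostile))
    print("parameterized           :", by_id_param(db, hostile))
```

Quote doubling only helps when the value ends up inside a quoted literal, and it depends on the database's escaping rules; binding parameters keeps the query structure fixed in every context.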
