Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL Injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);

No comments posted yet
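
An added example, not part of the original post: it runs the quote-doubling approach from the question next to a bound parameter, to show where doubling quotes holds (a quoted string) and where it does nothing (a value placed in a numeric position). It assumes Python's sqlite3 with an in-memory database in place of the poster's .NET stack; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def escape_quotes(value: str) -> str:
    """Same idea as Replace(inString, "'", "''"): double every single quote."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "o'brien"), (3, "carol")])
    return db


def by_name_escaped(db, name: str) -> list:
    # Quoted string context: doubled quotes keep the input inside the literal.
    sql = "SELECT username FROM users WHERE username = '" + escape_quotes(name) + "'"
    return [row[0] for row in db.execute(sql)]


def by_id_escaped(db, user_id: str) -> list:
    # Numeric context: the input is not inside quotes, so there is nothing
    # for quote doubling to neutralise and the input is parsed as SQL.
    sql = "SELECT username FROM users WHERE id = " + escape_quotes(user_id)
    return [row[0] for row in db.execute(sql)]


def by_id_parameterized(db, user_id: str) -> list:
    # Bound parameter: the statement text is fixed and the value travels
    # separately as data, whatever characters it contains.
    cur = db.execute("SELECT username FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    print(by_name_escaped(db, "o'brien"))        # legitimate name with a quote
    print(by_name_escaped(db, "' OR '1'='1"))    # stays one string literal
    print(by_id_escaped(db, "0 OR 1=1"))         # condition is rewritten
    print(by_id_parameterized(db, "0 OR 1=1"))   # treated as a value, no match
    print(by_id_parameterized(db, "2"))          # normal lookup still works
```

Parameters.AddWithValue in the question plays the role of the `?` placeholder here: the query shape is decided before any user value is attached.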
