Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);

No comments posted yet
