Preventing SQL Injection

Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL Injection, In some of our code we use this: view plaincopy to clipboardprint?Replace(inString, "'", "''") Replace(inString, "'", "''") does this prevent all forms of SQL Injection? Also what exactly does parameterized statements do?view plaincopy to clipboardprint?myCommand.Parameters.AddWithValue("@username", user); myCommand.Parameters.AddWithValue("@password", pass);

Your Answer:

Login to answer

Other forums

How to Handle more than one submit button in single form?
Hi
I have one PHP file which contains one Form. In this form there are two Submit type Buttons

how do i make a string??
hey guys,
can someone please tell me how to put data from the glob function into a string

Selecting an "empty" date formated field
How do you select an "empty" date field? I've tried the few ways I can think.
SQL> select

Socket Server
In my following socket server, I am trying to listen to a connection through port 12345 in my web br

EU VAT Package 2010
Does any one know whether SAP will be developing new reporting functionality due the new VAT rules t

Encrypt php code?
Is it possible to encrypt php code in files,
so that it displays a load of unreadable characters

Simple Question
I know this is a simple question, that if I knew what it was technically called i could probably loo

TCP Sending Unsigned Char...
Hi...

I want to send over tcp/ip some data, i have the data in hexadecimal, and when i tr

Dynamic Data + Sql Server 2005 Enterprise?
Hi! I have just started to learn ASP.NET, and it looks like it is quite a lot to learn. Im not reall

simple ping code
been searchin the site/web and found code thats simple but doesnt work.

I have a personal we