Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);
