Preventing SQL Injection


Posted on 16th Feb 2014 07:03 pm by admin

I have a question about SQL injection. In some of our code we use this:

    Replace(inString, "'", "''")

Does this prevent all forms of SQL injection? Also, what exactly do parameterized statements do?

    myCommand.Parameters.AddWithValue("@username", user);
    myCommand.Parameters.AddWithValue("@password", pass);

No comments posted yet
