This is a realy quick question One way to update or insert data in

Question

0

Editorial Team

Asked: June 12, 20262026-06-12T19:23:44+00:00 2026-06-12T19:23:44+00:00

This is a realy quick question One way to update or insert data in

0

This is a realy quick question

One way to update or insert data in a database is to use prepared statements like this:

Dim cmd As New MySqlCommand("UPDATE `table` SET `field` = ?value", con)
cmd.Parameters.AddWithValue("?value", "user given value")
cmd.ExecuteNonQuery()

One would do that to prevent any chances of SQL injections. my question is if i use the mysqlHelper Class to escaps strings. It it equalivant to prepared statements? In other words is SQL injection still possible?

Here is how i use the escape character method

Dim cmd As New MySqlCommand("UPDATE `table` SET `field` =" & MySqlHelper.EscapeString("user given value"),con)
cmd.ExecuteNonQuery()

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-12T19:23:45+00:00

Editorial Team

2026-06-12T19:23:45+00:00Added an answer on June 12, 2026 at 7:23 pm

Yes it does but generally your better off doing it the proper way by using parameters. Using the above is just not advised.

Have a look here

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

This is a realy quick question One way to update or insert data in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply