I am using a query like this:
"select count(*) from Users where username='" + userNameTextBox.Text.Replace("'", "''") + "'"
In the above simple query, is SQL injection possible or not (i.e., even after replacing the single quote with two single quotes)? If it is possible, how is it possible? Can anybody explain it to me?
Moreover, what is blind SQL injection? Can anybody give an example of that?
Burepalli V S Rao.
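
Added example, not part of the original post: the same count query written with a bound parameter, so the user name is sent to the server as data and the SQL text never depends on quote handling. The `UserLookup` class, the `CountUsers` method, the `connectionString` argument, SQL Server as the database, and the `NVarChar(256)` column type are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Hypothetical helper: returns how many rows in Users match userName.
    // connectionString is supplied by the caller (assumed: SQL Server).
    public static int CountUsers(string connectionString, string userName)
    {
        // The SQL text is a constant. User input is never concatenated
        // into it, so no character in userName can change the statement.
        const string sql =
            "select count(*) from Users where username = @username";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Explicit type and size keep the parameter consistent with
            // the column (NVarChar(256) is an assumed column definition).
            command.Parameters
                   .Add("@username", SqlDbType.NVarChar, 256)
                   .Value = userName ?? string.Empty;

            connection.Open();

            // count(*) always yields exactly one row with one value.
            return Convert.ToInt32(command.ExecuteScalar());
        }
    }
}
```

With this in place the call site becomes `UserLookup.CountUsers(connectionString, userNameTextBox.Text)`, with no `Replace` call on the input.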