Jump to content

Prevent MS SQL Injection


PatPHP

Recommended Posts

Hi Guys

 

What do you do to prevent ms sql injection? In mysql it is easy with escape...

but what's the solution for MS?

 

I searched already in google for a bit but didn't find anything useful.

 

thx

 

Link to comment
Share on other sites

Remember how the escape character for MySQL is \?

 

(EG:  SELECT * FROM users WHERE username = 'Corbin\'s Name';)

 

In MSSQL, the escape character is another single quote.

 

(EG:  SELECT * FROM users WHERE username = 'Corbin''s Name';)

 

 

So, it's quite simple to make your own function.

 

function mssql_escape($str) {
    return str_replace("'", "''", $str);
}

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.