Jump to content

Escaping characters for an insert statement


Chips

Recommended Posts

Hello, having some trouble with this one. Checked the php.net topics for anything, nothing can be found. tried using "addslashes()" but that doesn't seem to work either!

So can anyone give me any quick pointers on what characters need to be escaped, and if they know of any functions that do this (integrated in php) or whether i'll have to use a different function and tailor it or not.

Especially relevent to:

Preventing sql injection attacks on mssql database (dunno how, but guessing ensuring they can't insert sql statements into queries that are just supposed to insert data instead!).
Allowing users names like O'Donnel etc
Allowing users to put ! ? " - ' ; : etc inside comments sections that will be logged into a database table.

Unfort having massive trouble finding any information with regards to mssql, and plenty on mysql that just doesn't work (tried addslashes and nothing was entered when putting ' into a string of text!).

Many thanks if anyone can help out.
Link to comment
Share on other sites

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.