Escaping


Andy17

Hey

When interacting with a MySQL database through a form, I am well aware that I should use mysql_real_escape_string() (no worries!), but this guy I know does it differently on his website and we were just talking about what the best solution is. Instead of adding a backslash, he adds a ' so

just ' testing ' becomes just '' testing '' rather than just \' testing \'

He is using MSSQL 2000, though. I guess there is a reason why it's called mysql_real_escape_string, so is his solution the appropriate one for MSSQL? I was just wondering if this is secure? What would happen if a user entered the following in a text field (which is used in an SQL query)?

just \' testing \'

That would become just \'' testing \'', wouldn't it? Forgive my noobness, but would that be insecure in SQL (not sure about SQL escaping)?

I hope you get my point.

Thanks.

So instead of using addslashes, make your own function like this:

// Double every single quote: inside a T-SQL string literal, '' is read as one literal quote
function escapeMSSQL($string) {
    return str_replace("'", "''", $string);
}

Then if there are other items that need to be escaped you can add them there as well. I looked at the manual roughly and could not find an escape function for MSSQL, so yea. Hopefully this helps ya.

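As an added illustration (not code from either post), a small Python model of how T-SQL reads a single-quoted literal shows what happens to the `just \' testing \'` input once its quotes have been doubled: T-SQL has no backslash escape, so the backslash is an ordinary character, the value stays inside the literal, and the rest of the query is unchanged. The query text and column names are made up for the example.

```python
# Added example (not from the thread): model how a T-SQL parser reads a
# single-quoted string literal, to check that escapeMSSQL()-style quote
# doubling keeps user input inside the literal, including input that
# contains backslashes (T-SQL has no backslash escape, unlike MySQL).


def escape_mssql(value):
    """Same transform as the thread's escapeMSSQL(): ' becomes ''."""
    return value.replace("'", "''")


def parse_tsql_literal(sql, start=0):
    """Parse a T-SQL string literal beginning at sql[start] (which must be ').

    Returns (decoded_value, index_after_closing_quote). Inside the literal
    the only escape is a doubled quote ''; a backslash is an ordinary char.
    Raises ValueError if the literal is never terminated.
    """
    if sql[start] != "'":
        raise ValueError("literal must start with a single quote")
    out = []
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")  # '' -> one literal quote, stay inside
                i += 2
                continue
            return "".join(out), i + 1  # lone quote closes the literal
        out.append(ch)
        i += 1
    raise ValueError("unterminated string literal")


def round_trip(user_input):
    """Embed user_input the way the thread does and parse it back.

    Returns (decoded_value, remainder), where remainder is the SQL text the
    parser sees after the literal closes. Correct escaping means
    decoded_value == user_input and remainder == the fixed query tail.
    """
    # Constructed query; table and column names are made up for the example.
    sql = "SELECT * FROM users WHERE name = '" + escape_mssql(user_input) + "' AND active = 1"
    pos = sql.index("'")
    value, end = parse_tsql_literal(sql, pos)
    return value, sql[end:]


if __name__ == "__main__":
    for sample in ["just ' testing '", "just \\' testing \\'", "O'Brien"]:
        print(repr(sample), "->", round_trip(sample))
```

Quote doubling is the right escaping rule for T-SQL string literals, but it is dialect-specific and does nothing for values that are not string literals (numbers, identifiers, LIKE patterns); parameterised queries avoid the question entirely.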
