micmania1
Posted May 13, 2011

Hi,

Yesterday I was writing a script for MS SQL and when it came to testing, I noticed backslash wasn't escaping single quotes. I did my research on Google and found the reason why. I then added a simple function to my validation class which I'm hoping somebody can review?

```php
// A function to parse a mssql string
// $params: data - any data
// @returns validated mssql data
function mssql($data)
{
    $data = str_replace("[", "[[", $data);
    $data = str_replace("]", "]]", $data);
    $data = str_replace("'", "''", $data);
    $data = str_replace('"', '""', $data);
    $data = str_replace("%", "[%]", $data);
    $data = str_replace("_", "[_]", $data);
    return $data;
}
```

How secure is the above function? Is there a way to improve it?

Thanks for reading and any feedback is appreciated.
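As an added example, not part of the original post: the sketch below binds the value as a query parameter, so quotes need no escaping at all, and bracket-escapes `[`, `%` and `_` only when the value is used as a LIKE pattern, then prints how the posted function changes ordinary values. The helper names, the `users`/`name` table and column, and the already-open PDO connection are assumptions.

```php
<?php
// Added example, not the poster's code. Helper names and the users/name
// table and column are hypothetical.

// Escape LIKE wildcards for SQL Server by wrapping each one in brackets.
// strtr() with an array makes a single pass over the input, so brackets it
// inserts are never escaped a second time. A lone "]" is already literal in
// a LIKE pattern and is left alone.
function mssql_like_escape(string $text): string
{
    return strtr($text, ['[' => '[[]', '%' => '[%]', '_' => '[_]']);
}

// The replacements from the post, applied in the same order, for comparison.
function mssql_posted(string $data): string
{
    return str_replace(
        ['[', ']', "'", '"', '%', '_'],
        ['[[', ']]', "''", '""', '[%]', '[_]'],
        $data
    );
}

// Prefix search: the value travels as a bound parameter, so it is never
// parsed as SQL text. LIKE escaping is still needed, because wildcards are
// interpreted after binding. Assumes $pdo is an open connection.
function find_users_by_prefix(PDO $pdo, string $prefix): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name LIKE ?');
    $stmt->execute([mssql_like_escape($prefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample values: what each approach would hand to the database.
$samples = ["O'Brien", '50%_off [sale]', 'say "hi"'];
foreach ($samples as $s) {
    printf(
        "%-16s posted: %-28s like-escaped: %s\n",
        $s,
        mssql_posted($s),
        mssql_like_escape($s)
    );
}
```

For INSERT, UPDATE and equality comparisons the raw value is bound with no escaping; `mssql_like_escape()` applies only to LIKE patterns.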