micmania1
Posted May 13, 2011

Hi,

Yesterday I was writing a script for MS SQL and when it came to testing, I noticed backslash wasn't escaping single quotes. I did my research on Google and found the reason why. I then added a simple function to my validation class, which I'm hoping somebody can review.

```php
// A function to parse a mssql string
// $params: data - any data
// @returns validated mssql data
function mssql($data) {
    $data = str_replace("[", "[[", $data);
    $data = str_replace("]", "]]", $data);
    $data = str_replace("'", "''", $data);
    $data = str_replace('"', '""', $data);
    $data = str_replace("%", "[%]", $data);
    $data = str_replace("_", "[_]", $data);
    return $data;
}
```

How secure is the above function? Is there a way to improve it?

Thanks for reading and any feedback is appreciated.
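For comparison with the function posted above, here is an added example (not the poster's code) that keeps the two jobs apart: wildcard escaping for a T-SQL `LIKE` pattern, and quote doubling for a string literal, with the value itself sent as a bound parameter. The function names, the `users` table and its `id` and `name` columns are hypothetical, and the `PDO` handle is assumed to be connected through an MSSQL driver such as pdo_sqlsrv.

```php
<?php
// Added example; mssql_like_escape, mssql_quote_literal, find_by_name and the
// users table are hypothetical names, not part of the original post.

// Make user text match literally inside a T-SQL LIKE pattern.
// %, _ and [ are pattern characters; enclosing each in brackets
// ([%], [_], [[]) makes it literal. A lone ] is already literal.
// strtr() works in a single pass, so brackets it inserts are not re-escaped.
function mssql_like_escape(string $text): string
{
    return strtr($text, ['[' => '[[]', '%' => '[%]', '_' => '[_]']);
}

// Build a single-quoted T-SQL literal by doubling embedded single quotes.
// Double quotes are left alone: doubling them would change the stored value.
// Intended only for places where a bound parameter cannot be used.
function mssql_quote_literal(string $text): string
{
    return "'" . str_replace("'", "''", $text) . "'";
}

// Preferred path: the search term travels as a bound parameter, so only the
// LIKE wildcards need handling and no quote escaping is done by hand.
function find_by_name(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name LIKE ?');
    $stmt->execute(['%' . mssql_like_escape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs, printed so the two transformations can be compared.
foreach (["O'Brien", '50%_off [sale]', 'say "hi"'] as $sample) {
    printf(
        "%-16s literal=%-20s like=%s\n",
        $sample,
        mssql_quote_literal($sample),
        mssql_like_escape($sample)
    );
}
```

The loop runs without a database; `find_by_name()` is only called once a connection is available.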