Eiolon Posted July 27, 2011 Share Posted July 27, 2011 Nearly all of my backend is MySQL-based but I have one area (login) that connects to a MSSQL database via ODBC to verify credentials. I was wondering what is the best way to sanitize the data being sent from the form? Can I use mysql_escape_string for an ODBC connection? Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/ Share on other sites More sharing options...
premiso Posted July 27, 2011 Share Posted July 27, 2011 If you are using the ODBC class in PHP, I would use prepared statements. http://www.php.net/manual/en/function.odbc-prepare.php Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/#findComment-1248062 Share on other sites More sharing options...
IrOnMaSk Posted July 27, 2011 Share Posted July 27, 2011 u should try it Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/#findComment-1248064 Share on other sites More sharing options...
Eiolon Posted July 27, 2011 Author Share Posted July 27, 2011 Well, I tried mysql_escape_string and the form works as intended, but I am not sure if it is really escaping data or not as I don't know how to inject things. I'll try the prepared statements instead since it looks more for tailored for ODBC. Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/#findComment-1248066 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.