Eiolon Posted July 27, 2011 Share Posted July 27, 2011 Nearly all of my backend is MySQL-based but I have one area (login) that connects to a MSSQL database via ODBC to verify credentials. I was wondering what is the best way to sanitize the data being sent from the form? Can I use mysql_escape_string for an ODBC connection? Quote Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/ Share on other sites More sharing options...
premiso Posted July 27, 2011 Share Posted July 27, 2011 If you are using the ODBC class in PHP, I would use prepared statements. http://www.php.net/manual/en/function.odbc-prepare.php Quote Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/#findComment-1248062 Share on other sites More sharing options...
IrOnMaSk Posted July 27, 2011 Share Posted July 27, 2011 u should try it Quote Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/#findComment-1248064 Share on other sites More sharing options...
Eiolon Posted July 27, 2011 Author Share Posted July 27, 2011 Well, I tried mysql_escape_string and the form works as intended, but I am not sure if it is really escaping data or not as I don't know how to inject things. I'll try the prepared statements instead since it looks more for tailored for ODBC. Quote Link to comment https://forums.phpfreaks.com/topic/242998-sanitize-input-for-odbc-connection/#findComment-1248066 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.