Jump to content

no mssql_real_escape_string


Recommended Posts

This may be a retarded question, but I never really got the grasp of functions. How would I implement a function like this on a post of a variable like the following?


Say I have a headline input field called:

 <input  class="sign_up_input_area_main" type="text" name="Headline" value="<?echo $headline_2?>" size="98" />


and my post action is

$headline_1 = trim($_POST['Headline']); 
        $headline_2 = strip_tags($headline_1);
        $headline_3 = stripslashes(str_replace("'", "''", ($headline_2)));


And what do you mean "prepared statements?


Link to comment
Share on other sites

  • 1 month later...

MSSQL is discontinued as of PHP 5.2.x or something like that. The new more efficient method of connecting PHP with SQL Server is with the drivers specified above (SQLSRV).


In answer to your question, you could use the function detailed by premiso - how secure that is I don't know. This would be implemented during the execution script where you process your form data.


I personally feel a better method is to use stored procedures which (as far as I know) are near on impossible to break through as the syntax would just cripple the SQL Server if it were to be manipulated.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.