Prevent injection MSSql server
Hello,
I wanted to ask if anyone knows of a way to prevent injection in SQL Server 2005. I mean, is there any way to do all the blocking in the server and not have to escape each special character one by one?
For example, in PHP I used mysql_escape_string and automatically the string was OK to send to the database... Is there something similar in SQL Server?
Thank you
JeevesBond posted this at 22:13 — 16th October 2007.
There isn't an equivalent function in MS SQL Server. It's not difficult to reproduce though; have a look at this page: http://www.php.net/manual/en/function.mssql-query.php. On there, do a search for 'escape'; there are several comments there that will help you.
a Padded Cell our articles site!
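As an added example that is not part of the original thread: the T-SQL below, written to run on SQL Server 2005, puts string concatenation, manual quote doubling and a server-side parameterized call through `sp_executesql` side by side. The `#users` table, its rows and the input strings are constructed for illustration.

```sql
-- Constructed sample data in a session-local temp table (hypothetical schema).
CREATE TABLE #users (id INT, name NVARCHAR(50));
INSERT INTO #users VALUES (1, N'alice');
INSERT INTO #users VALUES (2, N'bob');
INSERT INTO #users VALUES (3, N'o''neil');

-- Constructed hostile input, as it might arrive from a web form.
DECLARE @input NVARCHAR(50);
DECLARE @sql   NVARCHAR(400);
SET @input = N'x'' OR 1=1 --';

-- 1) Vulnerable: the input is concatenated into the statement text.
--    The quote inside @input closes the string literal early, so the
--    rest of the input is parsed as SQL and the filter is bypassed.
SET @sql = N'SELECT id, name FROM #users WHERE name = N''' + @input + N'''';
EXEC (@sql);

-- 2) Manual escaping: double every single quote before concatenating.
--    This is the only character that can end a T-SQL string literal,
--    but every call site has to remember to do it, and it does not help
--    for values placed outside quotes (numbers, identifiers).
SET @sql = N'SELECT id, name FROM #users WHERE name = N'''
         + REPLACE(@input, N'''', N'''''') + N'''';
EXEC (@sql);

-- 3) Parameterized: the statement text is a constant and the value is
--    passed separately, so it is never parsed as SQL at all.
EXEC sp_executesql
     N'SELECT id, name FROM #users WHERE name = @name',
     N'@name NVARCHAR(50)',
     @name = @input;

-- A legitimate value containing a quote needs no special handling
-- when it is passed as a parameter.
SET @input = N'o''neil';
EXEC sp_executesql
     N'SELECT id, name FROM #users WHERE name = @name',
     N'@name NVARCHAR(50)',
     @name = @input;

DROP TABLE #users;
```

From application code the same separation comes from the database driver's prepared statements or stored-procedure parameter binding, which keeps the statement text constant on the client side as well.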