Escape string for MSSQL

Discussion in 'PHP' started by GSP, Dec 24, 2011.

  1. #1
    Hello,

    I searching best replace for mysql_real_escape_string.
    Database: MSSQL

    Thanks for help

    Merry Christmas
     
    GSP, Dec 24, 2011 IP
  2. EricBruggema

    EricBruggema Well-Known Member

    Messages:
    1,740
    Likes Received:
    28
    Best Answers:
    13
    Trophy Points:
    175
    #2
    EricBruggema, Dec 29, 2011 IP
  3. jestep

    jestep Prominent Member

    Messages:
    3,659
    Likes Received:
    215
    Best Answers:
    19
    Trophy Points:
    330
    #3
    There isn't. In this case, I would probably opt for something like PDO or a 3rd party ORM that supports MSSQL like Doctrine. My main reason is that without a built-in escaping mechanism, it's possible to be susceptible to a targeted injection attack. Even addslashes or something similar may be susceptible, which is why mysql_real_escape_string was created.
     
    jestep, Dec 29, 2011 IP
  4. shahinfosoft

    shahinfosoft Greenhorn

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #4
    using
    mysql_escape_string()
     
    shahinfosoft, Dec 30, 2011 IP
  5. WPC

    WPC Peon

    Messages:
    116
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Hi,

    Your better of just writing your own function, and storing it away in a class so you can use it over and over again, just make sure you include the basics.
     
    WPC, Dec 31, 2011 IP