MSSQL injection

kendall
Forum Regular
Posts: 852
Joined: Tue Jul 30, 2002 10:21 am
Location: Trinidad, West Indies

MSSQL injection

Post by kendall »

Hi,

I have never used MSSQL in my life... until today. I have a MySQL-based application which I am currently translating into MSSQL syntax. I note there isn't a "mysql_real_escape_string" version in MSSQL.

Does this mean that there is no way for SQL injections in MSSQL?

What would then be the appropriate method of safely escaping MSSQL user-inputted values?
Josh1billion
Forum Contributor
Posts: 316
Joined: Tue Sep 11, 2007 3:25 pm

Post by Josh1billion »

I googled to find this, which may help you: http://www.t4vn.net/example/showcode/ms ... tring.html
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Post by jmut »

Use prepared queries; as of MySQL 4.1+ you can use prepared queries for MySQL too.
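The prepared-query approach suggested in the last reply, written against SQL Server from PHP. This is an added example, not code from any poster in the thread. It assumes the `pdo_sqlsrv` driver is installed; the `users` table, its columns, the function names and the connection values are hypothetical.

```php
<?php
// Added example. Values travel to SQL Server as bound parameters, so no
// escaping function is needed. (T-SQL string literals escape a quote by
// doubling it; backslash is not an escape character, which is why
// MySQL-style escaping does not carry over.)

// Identifiers cannot be bound as parameters, so a sort column is picked
// from a fixed list and never copied from the request.
const SORTABLE = ['name' => 'name', 'joined' => 'joined_at'];

function connect(string $server, string $database, string $user, string $pass): PDO
{
    // ERRMODE_EXCEPTION makes a failed query throw instead of failing silently.
    return new PDO("sqlsrv:Server=$server;Database=$database", $user, $pass, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

function findUsers(PDO $db, string $nameFragment, int $minPosts, string $sort): array
{
    $orderBy = SORTABLE[$sort] ?? 'name';   // unknown key falls back to a safe default

    // Binding stops injection, but % _ [ are still LIKE wildcards in T-SQL.
    // Prefix them with the ESCAPE character so the fragment matches literally.
    $literal = strtr($nameFragment, ['!' => '!!', '%' => '!%', '_' => '!_', '[' => '![']);

    $stmt = $db->prepare(
        "SELECT id, name, posts FROM users
          WHERE name LIKE :pattern ESCAPE '!' AND posts >= :min_posts
          ORDER BY $orderBy"
    );
    $stmt->bindValue(':pattern', '%' . $literal . '%', PDO::PARAM_STR);
    $stmt->bindValue(':min_posts', $minPosts, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage with constructed input (connection values are placeholders):
// $db   = connect('localhost', 'appdb', 'app_user', getenv('DB_PASS'));
// $rows = findUsers($db, "O'Brien 100%", 10, 'joined');
```

The quote and the percent sign in the sample input reach the server as data: the quote because the value is bound, the percent sign because of the `ESCAPE` clause.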