Hi,
I have never used MSSQL in my life....until today. I have a mysql based application which i am currently translating into mssql syntax. I note there isnt a "mysql_real_escape_string"...version in MSSQL.
doe this mean that there is no way for SQL injections in MSSQL?
what would then be the appropriate method of safely escaping mssql user inputted values?
MSSQL injection
Moderator: General Moderators
- Josh1billion
- Forum Contributor
- Posts: 316
- Joined: Tue Sep 11, 2007 3:25 pm
I googled to find this, which may help you: http://www.t4vn.net/example/showcode/ms ... tring.html