MSSQL injection
Posted: Tue Oct 09, 2007 11:59 am
Hi,
I have never used MSSQL in my life....until today. I have a mysql based application which i am currently translating into mssql syntax. I note there isnt a "mysql_real_escape_string"...version in MSSQL.
doe this mean that there is no way for SQL injections in MSSQL?
what would then be the appropriate method of safely escaping mssql user inputted values?
I have never used MSSQL in my life....until today. I have a mysql based application which i am currently translating into mssql syntax. I note there isnt a "mysql_real_escape_string"...version in MSSQL.
doe this mean that there is no way for SQL injections in MSSQL?
what would then be the appropriate method of safely escaping mssql user inputted values?