Escaping MSSQL data

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
lettie_dude
Forum Commoner
Posts: 65
Joined: Thu Dec 07, 2006 10:10 am

Escaping MSSQL data

Post by lettie_dude »

Hi

Have searched and read various articles about escaping data on the forums which are very informative. However does anyone know the best solution for escaping data for MSSQL. Is there an escaping interface for MSSQL server 2005 or some function that will emulate what mysql_real_escape_string does?

Cheers for any response.
lettie_dude
Forum Commoner
Posts: 65
Joined: Thu Dec 07, 2006 10:10 am

Re: Escaping MSSQL data

Post by lettie_dude »

I have done some further research on this on other forums and there are various arguments as to whether MS should be providing an escaping mechanism or not. But the bottom line seems to be there is no escaping mechanism nor will one be provided. All other home made functions seem to have there pitfalls and the only thing that keeps coming up strongly is to use Stored Procedures on sql server 2005 and not include any sql statements in your page. Check out the link below for the full discussion. So I will be having a look into stored proceedures. Oh Joy!

Hope this helps someone else in the same position.

http://www.webmasterworld.com/microsoft ... 636835.htm
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Re: Escaping MSSQL data

Post by Kieran Huggins »

would mysql_real_escape_string not work? Not sure if there are differences...
lettie_dude
Forum Commoner
Posts: 65
Joined: Thu Dec 07, 2006 10:10 am

Re: Escaping MSSQL data

Post by lettie_dude »

Apparently not from other posts I have read. Its a mysql function not mssql. Unless anything has changed recently!
Post Reply