Hi
Have searched and read various articles about escaping data on the forums which are very informative. However does anyone know the best solution for escaping data for MSSQL. Is there an escaping interface for MSSQL server 2005 or some function that will emulate what mysql_real_escape_string does?
Cheers for any response.
Escaping MSSQL data
Moderator: General Moderators
-
lettie_dude
- Forum Commoner
- Posts: 65
- Joined: Thu Dec 07, 2006 10:10 am
Re: Escaping MSSQL data
I have done some further research on this on other forums and there are various arguments as to whether MS should be providing an escaping mechanism or not. But the bottom line seems to be there is no escaping mechanism nor will one be provided. All other home made functions seem to have there pitfalls and the only thing that keeps coming up strongly is to use Stored Procedures on sql server 2005 and not include any sql statements in your page. Check out the link below for the full discussion. So I will be having a look into stored proceedures. Oh Joy!
Hope this helps someone else in the same position.
http://www.webmasterworld.com/microsoft ... 636835.htm
Hope this helps someone else in the same position.
http://www.webmasterworld.com/microsoft ... 636835.htm
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
Re: Escaping MSSQL data
would mysql_real_escape_string not work? Not sure if there are differences...
-
lettie_dude
- Forum Commoner
- Posts: 65
- Joined: Thu Dec 07, 2006 10:10 am
Re: Escaping MSSQL data
Apparently not from other posts I have read. Its a mysql function not mssql. Unless anything has changed recently!