Page 1 of 1
Escaping MSSQL data
Posted: Fri Jun 20, 2008 10:46 am
by lettie_dude
Hi
Have searched and read various articles about escaping data on the forums which are very informative. However does anyone know the best solution for escaping data for MSSQL. Is there an escaping interface for MSSQL server 2005 or some function that will emulate what mysql_real_escape_string does?
Cheers for any response.
Re: Escaping MSSQL data
Posted: Mon Jun 23, 2008 10:16 am
by lettie_dude
I have done some further research on this on other forums and there are various arguments as to whether MS should be providing an escaping mechanism or not. But the bottom line seems to be there is no escaping mechanism nor will one be provided. All other home made functions seem to have there pitfalls and the only thing that keeps coming up strongly is to use Stored Procedures on sql server 2005 and not include any sql statements in your page. Check out the link below for the full discussion. So I will be having a look into stored proceedures. Oh Joy!
Hope this helps someone else in the same position.
http://www.webmasterworld.com/microsoft ... 636835.htm
Re: Escaping MSSQL data
Posted: Mon Jun 23, 2008 10:34 am
by Kieran Huggins
would mysql_real_escape_string not work? Not sure if there are differences...
Re: Escaping MSSQL data
Posted: Mon Jun 23, 2008 10:45 am
by lettie_dude
Apparently not from other posts I have read. Its a mysql function not mssql. Unless anything has changed recently!