Prevent injection MSSql server

They have: 53 posts

Joined: Oct 2005

Hello,
I wanted to ask if anyone knows of a way to prevent injection in an SQL SERVER 2005. I mean, is there any way to do all the blocking in the server and not have to escape each special character one-by-one?
For example, in PHP I used mysql_escape_string and automatically the string was OK to send to the database... Is there something similar in SQL Server?

Thank you

JeevesBond

He has: 3,956 posts

Joined: Jun 2002

There isn't an equivalent function in MS SQL Server. It's not difficult to reproduce, though. Have a look at this page: http://www.php.net/manual/en/function.mssql-query.php. On there, do a search for 'escape'; there are several comments there that will help you.

a Padded Cell our articles site!
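
The two approaches to the question above, as an added example that is not part of either post: a quote-doubling helper of the kind the php.net comments describe, next to a bound parameter through PDO. The table, rows, inputs and function names are constructed, and an in-memory SQLite database stands in for SQL Server so the script runs offline (assumption: for SQL Server only the DSN changes, with the pdo_sqlsrv or pdo_dblib driver installed).

```php
<?php
// Added example, not code from the thread. Table, columns and rows are constructed.
// An in-memory SQLite database stands in for SQL Server so the script runs offline;
// for SQL Server change only the DSN (assumes the pdo_sqlsrv or pdo_dblib driver).

// Equivalent of the escape helpers in the php.net comments: inside a T-SQL
// string literal the single quote is escaped by doubling it.
function mssql_escape_string_literal($value)
{
    return str_replace("'", "''", $value);
}

// Preferred: the value travels as a bound parameter and is never parsed as SQL.
function find_by_name(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escaping variant, for code that must build the statement as a string.
function find_by_name_escaped(PDO $db, $name)
{
    $sql = "SELECT id, name FROM users WHERE name = '"
         . mssql_escape_string_literal($name) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('O''Brien')");
$db->exec("INSERT INTO users (name) VALUES ('alice')");

// Constructed inputs: a legitimate name with a quote, and a string that would
// change the WHERE clause if it were concatenated unescaped.
foreach (array("O'Brien", "x' OR '1'='1") as $input) {
    $bound   = find_by_name($db, $input);
    $escaped = find_by_name_escaped($db, $input);
    printf("%-14s bound=%d row(s), escaped=%d row(s)\n",
        $input, count($bound), count($escaped));
}
```

Quote doubling only protects a value placed inside a quoted string literal; a value used in a numeric or identifier position needs a cast, an allow-list or a bound parameter instead.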
