
Prevent injection MSSql server


They have: 53 posts

Joined: Oct 2005

Hello,
I wanted to ask if anyone knows of a way to prevent injection in SQL Server 2005. I mean, is there any way to do all the blocking in the server and not have to escape each special character one by one?
For example, in PHP I used mysql_escape_string and automatically the string was OK to send to the database... Is there something similar in SQL Server?

Thank you

JeevesBond
Moderator

He has: 3,711 posts

Joined: Jun 2002

There isn't an equivalent function in MS SQL Server. It's not difficult to reproduce though; have a look at this page: http://www.php.net/manual/en/function.mssql-query.php. On there, do a search for 'escape'; there are several comments there that will help you.

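An added example, not part of either post: the quote-doubling escape the reply refers to, next to a bound-parameter query through PDO, which hands the value to the driver separately from the SQL text so no per-character escaping is needed. The function names are hypothetical, the sample rows are constructed, and `sqlite::memory:` is a stand-in so the script runs without a server; with the pdo_sqlsrv driver only the DSN changes.

```php
<?php
// Stand-in database so the script runs offline. For SQL Server via pdo_sqlsrv
// the DSN would look like 'sqlsrv:Server=HOST;Database=DB' (placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER, name VARCHAR(50))');

// Hypothetical helper: manual escaping for a T-SQL string literal.
// Doubling the single quote is the only change; it protects quoted string
// contexts only, not numbers or identifiers concatenated into a query.
function escape_tsql_literal(string $value): string
{
    return str_replace("'", "''", $value);
}

// Hypothetical helper: insert with bound parameters, no escaping needed.
function add_user(PDO $pdo, int $id, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
    $stmt->execute([':id' => $id, ':name' => $name]);
}

// Hypothetical helper: lookup with a bound parameter.
function find_by_param(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same lookup built by concatenation; correct only because every value
// passes through escape_tsql_literal() first.
function find_by_escape(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '"
         . escape_tsql_literal($name) . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data and inputs.
add_user($pdo, 1, "O'Brien");
add_user($pdo, 2, 'alice');

foreach (["O'Brien", "x' OR '1'='1"] as $input) {
    printf("input=%s  param_rows=%d  escaped_rows=%d\n", $input,
        count(find_by_param($pdo, $input)), count(find_by_escape($pdo, $input)));
}
```

Both lookups treat the quote as data; the difference is that the bound-parameter version stays correct even if a call site forgets the escape step.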