Prevent injection MSSql server Databases forum at WebmasterWorld

Welcome to WebmasterWorld Guest from 23.20.196.179
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,

Pubcon Platinum Sponsor

Home / Forums Index / Code, Content, and Presentation / Databases

Forum Library : Charter : Moderators: physics & whoisgregg
Databases Forum

Prevent injection MSSql server

ktsirig

msg:3478616

8:56 am on Oct 16, 2007 (gmt 0)

Hello,
I wanted to ask if anyone knows of a way to prevent injection in an SQL SERVER 2005. I mean, is there any way to do all the blocking in the server and not have to escape each special character one-by-one?
For example, in PHP I used mysql_escape_string and automatically the string was OK to send to the database... Is there something similar in SQL Server?

Thank you

blend27

msg:3478651

10:03 am on Oct 16, 2007 (gmt 0)

msdn2.microsoft.com/en-us/library/ms161953.aspx, i guess to start with

ebby

msg:3478905

2:57 pm on Oct 16, 2007 (gmt 0)

one of your best defenses is using stored procedures.

Global Options:

top

home

open messages

active posts

Home / Forums Index / Code, Content, and Presentation / Databases

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved

Databases Forum