homepage Welcome to WebmasterWorld Guest from 54.242.241.20
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Databases
Forum Library, Charter, Moderator: open

Databases Forum

    
Prevent injection MSSql server
ktsirig

5+ Year Member



 
Msg#: 3478614 posted 8:56 am on Oct 16, 2007 (gmt 0)

Hello,
I wanted to ask if anyone knows of a way to prevent injection in an SQL SERVER 2005. I mean, is there any way to do all the blocking in the server and not have to escape each special character one-by-one?
For example, in PHP I used mysql_escape_string and automatically the string was OK to send to the database... Is there something similar in SQL Server?

Thank you

 

blend27

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3478614 posted 10:03 am on Oct 16, 2007 (gmt 0)

msdn2.microsoft.com/en-us/library/ms161953.aspx, i guess to start with

ebby

5+ Year Member



 
Msg#: 3478614 posted 2:57 pm on Oct 16, 2007 (gmt 0)

one of your best defenses is using stored procedures.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Databases
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved