Welcome to WebmasterWorld Guest from 54.196.87.74

Forum Moderators: open

Message Too Old, No Replies

Prevent injection MSSql server

     
8:56 am on Oct 16, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 26, 2005
posts:92
votes: 0


Hello,
I wanted to ask if anyone knows of a way to prevent injection in an SQL SERVER 2005. I mean, is there any way to do all the blocking in the server and not have to escape each special character one-by-one?
For example, in PHP I used mysql_escape_string and automatically the string was OK to send to the database... Is there something similar in SQL Server?

Thank you

10:03 am on Oct 16, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1832
votes: 47


msdn2.microsoft.com/en-us/library/ms161953.aspx, i guess to start with
2:57 pm on Oct 16, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:Oct 15, 2007
posts:64
votes: 0


one of your best defenses is using stored procedures.