Welcome to WebmasterWorld Guest from 220.127.116.11
Also any further information on SQl Injection preventio is welcome.
I have gathered that stripslashes and mysql_real_escape_string are a good solution.
SQL Server uses the ' (single quote) as the escape character, so you'll need to do a find/replace on your string to add a ' in front of all the characters SQL Server doesn't like. Usually an apostrophe itself is the biggest problem, so I usually use:
//escapse single quotes
$singQuotePattern = "'";
$singQuoteReplace = "''";
return(stripslashes(eregi_replace($singQuotePattern, $singQuoteReplace, $string)));