
Forum Moderators: coopster & jatar k


Will mysql real escape string work with SQL Server queries?

     
1:49 pm on Oct 25, 2007 (gmt 0)

5+ Year Member



Is the function mysql_real_escape_string really only made to be used with MySQL queries or will it work with SQL Server queries?

Also any further information on SQL injection prevention is welcome.

I have gathered that stripslashes and mysql_real_escape_string are a good solution.

Best Regards

NooK

3:08 pm on Oct 25, 2007 (gmt 0)

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Whichever handler you are using to connect to your database should have a corresponding *_escape_string function to go with it.

3:20 pm on Oct 25, 2007 (gmt 0)

5+ Year Member



SQL Server has different escape characters than MySQL, so no, the MySQL real escape string functions won't help you there. They'll still work, but they won't give the correct escape characters.

SQL Server uses the ' (single quote) as the escape character, so you'll need to do a find/replace on your string to add a ' in front of all the characters SQL Server doesn't like. Usually an apostrophe itself is the biggest problem, so I usually use:

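function escapeSingleQuotes($string){
    // Escape single quotes by doubling them, then strip backslashes.
    // str_replace() stands in for eregi_replace(), which was removed in PHP 7.
    $singQuotePattern = "'";
    $singQuoteReplace = "''";
    return stripslashes(str_replace($singQuotePattern, $singQuoteReplace, $string));
}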
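An added example, not part of the original thread: it compares backslash escaping, quote doubling, and a bound parameter on a database that, like SQL Server, escapes a quote by doubling it. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite database, the `members` table and the sample name are constructed stand-ins for a real SQL Server connection.

```php
<?php
// SQLite in-memory stands in for SQL Server here (assumption): both escape a
// single quote by doubling it and give the backslash no special meaning.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE members (how TEXT, name TEXT)');

$name = "O'Brien"; // constructed sample input

// 1. Backslash escaping, the style mysql_real_escape_string applies to quotes.
//    addslashes() is used because the mysql_* functions were removed in PHP 7.
$backslashed = addslashes($name);
try {
    $db->exec("INSERT INTO members VALUES ('backslash', '$backslashed')");
    echo "backslash escaping: statement accepted\n";
} catch (PDOException $e) {
    // The backslash is an ordinary character, so the quote still ends the
    // string literal and the rest of the value is parsed as SQL.
    echo "backslash escaping: statement rejected: " . $e->getMessage() . "\n";
}

// 2. Quote doubling, the approach of escapeSingleQuotes() in the post above.
$doubled = str_replace("'", "''", $name);
$db->exec("INSERT INTO members VALUES ('doubled', '$doubled')");

// 3. Bound parameter: the value travels separately from the SQL text, so no
//    DBMS-specific escaping is involved at all.
$stmt = $db->prepare('INSERT INTO members VALUES (?, ?)');
$stmt->execute(['bound', $name]);

// Show which variants stored the name intact.
foreach ($db->query('SELECT how, name FROM members') as $row) {
    echo $row['how'] . ': ' . $row['name'] . "\n";
}
```

With Microsoft's PDO_SQLSRV driver the `prepare`/`execute` calls stay the same and only the DSN passed to `new PDO` changes.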

 
