Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Will mysql real escape string work with Sql Server queries?

1:49 pm on Oct 25, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:June 15, 2007
votes: 0

Is the function mysql_real_escape_string really only made to be used with mySql queries or will it work with SQL Server queries?

Also any further information on SQl Injection preventio is welcome.

I have gathered that stripslashes and mysql_real_escape_string are a good solution.

Best Regards


3:08 pm on Oct 25, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 9, 2003
votes: 0

Whichever handler you are using to connect to your database should have a corresponding *_escape_string function to go with it.

3:20 pm on Oct 25, 2007 (gmt 0)

Junior Member

5+ Year Member

joined:May 31, 2006
votes: 0

SQL Server has different escape characters than MySQL, so no, the MySQL real escape string functions won't help you there. They'll still work, but they won't give the correct escape characters.

SQL Server uses the ' (single quote) as the escape character, so you'll need to do a find/replace on your string to add a ' in front of all the characters SQL Server doesn't like. Usually an apostrophe itself is the biggest problem, so I usually use:

function escapeSingleQuotes($string){
//escapse single quotes
$singQuotePattern = "'";
$singQuoteReplace = "''";
return(stripslashes(eregi_replace($singQuotePattern, $singQuoteReplace, $string)));


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members