Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Will mysql real escape string work with Sql Server queries?

1:49 pm on Oct 25, 2007 (gmt 0)

5+ Year Member

Is the function mysql_real_escape_string really only made to be used with mySql queries or will it work with SQL Server queries?

Also any further information on SQl Injection preventio is welcome.

I have gathered that stripslashes and mysql_real_escape_string are a good solution.

Best Regards


3:08 pm on Oct 25, 2007 (gmt 0)

WebmasterWorld Senior Member whoisgregg is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Whichever handler you are using to connect to your database should have a corresponding *_escape_string function to go with it.

3:20 pm on Oct 25, 2007 (gmt 0)

5+ Year Member

SQL Server has different escape characters than MySQL, so no, the MySQL real escape string functions won't help you there. They'll still work, but they won't give the correct escape characters.

SQL Server uses the ' (single quote) as the escape character, so you'll need to do a find/replace on your string to add a ' in front of all the characters SQL Server doesn't like. Usually an apostrophe itself is the biggest problem, so I usually use:

function escapeSingleQuotes($string){
//escapse single quotes
$singQuotePattern = "'";
$singQuoteReplace = "''";
return(stripslashes(eregi_replace($singQuotePattern, $singQuoteReplace, $string)));


Featured Threads

Hot Threads This Week

Hot Threads This Month