Insertion/Injection attacks. How do I avoid attacks with using php to an MSsql db.
Posted on 2004-08-23
Besides going through the strings pass are parsing it for special characters, how else can I preven insertion attacks. For Mysql, there is a function called mysql_escape_string which will do this, however I'm running an MSsql db and wondering if there is an equivalent for MSsql?
In Mysql ie.
$Input = mysql_escape_string($Input);