Solved

Insertion/Injection attacks.  How do I avoid attacks with using php to an MSsql db.

Posted on 2004-08-23
5
661 Views
Last Modified: 2013-12-12
Besides going through the strings pass are parsing it for special characters, how else can I preven insertion attacks.  For Mysql, there is a function called mysql_escape_string which will do this, however I'm running an MSsql db and wondering if there is an equivalent for MSsql?

In Mysql ie.
$Input = mysql_escape_string($Input);

MSsql???
0
Comment
Question by:TylerTy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
ldbkutty earned 88 total points
ID: 11875594
you won't find a mssql_escape_string() function like mysql_escape_string()), but using:

$escapedString = str_replace("'","''",$stringToEscape);

will accomplish the same thing.
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 11906945
As the first comment in the PHP manual states, you can try to use addSlashes() in order to escape quotes and singlequotes. This doesn't influence any special characters, but will prevent code injection to my knowledge.
0
 
LVL 15

Expert Comment

by:JakobA
ID: 11928504
check your values with a regular expression before using them. There is also a number of standard tests for the basic numbers: http://dk.php.net/manual/en/function.is-numeric.php

regards JakobA
0
 
LVL 32

Expert Comment

by:ldbkutty
ID: 12574118
my comment is a tested one.
:-)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question