Solved

Insertion/Injection attacks.  How do I avoid attacks with using php to an MSsql db.

Posted on 2004-08-23
5
644 Views
Last Modified: 2013-12-12
Besides going through the strings pass are parsing it for special characters, how else can I preven insertion attacks.  For Mysql, there is a function called mysql_escape_string which will do this, however I'm running an MSsql db and wondering if there is an equivalent for MSsql?

In Mysql ie.
$Input = mysql_escape_string($Input);

MSsql???
0
Comment
Question by:TylerTy
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
ldbkutty earned 88 total points
Comment Utility
you won't find a mssql_escape_string() function like mysql_escape_string()), but using:

$escapedString = str_replace("'","''",$stringToEscape);

will accomplish the same thing.
0
 
LVL 49

Expert Comment

by:Roonaan
Comment Utility
As the first comment in the PHP manual states, you can try to use addSlashes() in order to escape quotes and singlequotes. This doesn't influence any special characters, but will prevent code injection to my knowledge.
0
 
LVL 15

Expert Comment

by:JakobA
Comment Utility
check your values with a regular expression before using them. There is also a number of standard tests for the basic numbers: http://dk.php.net/manual/en/function.is-numeric.php

regards JakobA
0
 
LVL 32

Expert Comment

by:ldbkutty
Comment Utility
my comment is a tested one.
:-)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
posting form data 3 24
Php Array Diff 3 26
Apostophes in PHP generated form 6 12
Strip leading 0 from a var 3 8
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now