<div>
As the first comment in the PHP manual states, you can try to use addSlashes() in order to escape quotes and singlequotes. This doesn't influence any special characters, but will prevent code injection to my knowledge.
</div>


As the first comment in the PHP manual states, you can try to use addSlashes() in order to escape quotes and singlequotes. This doesn't influence any special characters, but will prevent code injection to my knowledge.

<div>
check your values with a regular expression before using them. There is also a number of standard tests for the basic numbers: <a href="http://dk.php.net/manual/en/function.is-numeric.php" rel="ugc">http://dk.php.net/manual/en/function.is-numeric.php</a><br />
<br />
regards JakobA
</div>


check your values with a regular expression before using them. There is also a number of standard tests for the basic numbers: http://dk.php.net/manual/en/function.is-numeric.php [http://dk.php.net/manual/en/function.is-numeric.php]

regards JakobA

<div>
my comment is a tested one.<br />
:-)
</div>


<div>
<div class="content wysiwyg-content">
Besides going through the strings pass are parsing it for special characters, how else can I preven insertion attacks. &nbsp;For Mysql, there is a function called mysql_escape_string which will do this, however I'm running an MSsql db and wondering if there is an equivalent for MSsql?<br />
<br />
In Mysql ie.<br />
$Input = mysql_escape_string($Input<wbr />);<br />
<br />
MSsql???
</div>
</div>


Besides going through the strings pass are parsing it for special characters, how else can I preven insertion attacks.  For Mysql, there is a function called mysql_escape_string which will do this, however I'm running an MSsql db and wondering if there is an equivalent for MSsql?

In Mysql ie.
$Input = mysql_escape_string($Input);

MSsql???

Insertion/Injection attacks.  How do I avoid attacks with using php to an MSsql db.

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.