Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Insertion/Injection attacks.  How do I avoid attacks with using php to an MSsql db.

Posted on 2004-08-23
5
Medium Priority
?
676 Views
Last Modified: 2013-12-12
Besides going through the strings pass are parsing it for special characters, how else can I preven insertion attacks.  For Mysql, there is a function called mysql_escape_string which will do this, however I'm running an MSsql db and wondering if there is an equivalent for MSsql?

In Mysql ie.
$Input = mysql_escape_string($Input);

MSsql???
0
Comment
Question by:TylerTy
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
ldbkutty earned 264 total points
ID: 11875594
you won't find a mssql_escape_string() function like mysql_escape_string()), but using:

$escapedString = str_replace("'","''",$stringToEscape);

will accomplish the same thing.
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 11906945
As the first comment in the PHP manual states, you can try to use addSlashes() in order to escape quotes and singlequotes. This doesn't influence any special characters, but will prevent code injection to my knowledge.
0
 
LVL 15

Expert Comment

by:JakobA
ID: 11928504
check your values with a regular expression before using them. There is also a number of standard tests for the basic numbers: http://dk.php.net/manual/en/function.is-numeric.php

regards JakobA
0
 
LVL 32

Expert Comment

by:ldbkutty
ID: 12574118
my comment is a tested one.
:-)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question