rgb192
asked on
sql version of mysql_real_escape_string()
mysql_real_escape_string()
how is this used in sql server 2005
how is this used in sql server 2005
ASKER
this is for mysql
and i would like it for sql server
and i would like it for sql server
$fn = mysql_real_escape_string($_POST["firstname"]);
$ln = mysql_real_escape_string($_POST["lastname"]);
isn't that a Php function ? I am not sure how it relates to SQL Server
@aneeshattingal: Maybe he is using ODBC?
Agree with Ray, I don't know of a direct function call that duplicates the abilities of mysql_real_escape_string. You would have to construct your own on the PHP side or in a user defined function on MS SQL side.
See if this helps for that purpose.
http:Q_21927070.html
See if this helps for that purpose.
http:Q_21927070.html
ASKER
yes using using ODBC
php to connect to sql server 2005
php to connect to sql server 2005
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I saw the other experts exchange link
and the answer is
for mssql-server str_replace("'", "''", $data) is typical sufficient to escape the data so no sqlinjection is possible.
how would this apply to
and the answer is
for mssql-server str_replace("'", "''", $data) is typical sufficient to escape the data so no sqlinjection is possible.
how would this apply to
$fn = mysql_real_escape_string($_POST["firstname"]);
$ln = mysql_real_escape_string($_POST["lastname"]);
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
http://blog.sqlauthority.com/2008/02/17/sql-server-how-to-escape-single-quotes-fix-error-105-unclosed-quotation-mark-after-the-character-string/
mysql_real_escape_string()
Do you have a code sample that shows the problem you're having with escapes in SQL 2005?