
Is this the way to prevent (all) Microsoft SQL Server injections if you want to use ODBC?

// Escaping helper from the question. Doubling a single quote is the T-SQL
// rule for a quote inside a '...' literal, so this only helps where the
// caller also wraps the result in quotes.
public function mssql_escape($str)
{
    // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0,
    // so guard the call; on older versions it undoes the slashes that
    // magic_quotes_gpc added to request data.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }

    return str_replace("'", "''", $str);
}
  • Several other posts out there on this topic, but short answer is no, there are far better ways to deal with SQL injection. – user2366842 Oct 07 '14 at 19:31
  • **NO** - use **parametrized queries** - that's the only viable way to go – marc_s Oct 07 '14 at 20:36
  • What @marc_s said... http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Tanner Oct 07 '14 at 22:43
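Added here as an example, not code from the question or its comments: the parameterized alternative the commenters point to, using PHP's PDO_ODBC driver. mssql_escape() only covers one of the places user input ends up. Doubling quotes inside a single-quoted T-SQL literal is correct as far as it goes, but it does nothing in a numeric comparison (`WHERE id = 1 OR 1=1` has no quote to double), nothing in an identifier position such as `ORDER BY`, and it depends on every call site remembering to add the surrounding quotes. It also calls get_magic_quotes_gpc(), which was removed in PHP 8.0. The DSN, credentials and `users` table below are assumptions for illustration.

```php
<?php
// Added example (not code from the original post): parameterized queries
// against SQL Server through PDO_ODBC. The DSN, the credentials and the
// `users` table are assumptions for illustration.
declare(strict_types=1);

// Driver name and server are placeholders; substitute your own DSN.
$dsn = 'odbc:Driver={ODBC Driver 17 for SQL Server};Server=localhost;Database=appdb';
$pdo = new PDO($dsn, 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

/**
 * String context. The login value is handed to the ODBC driver as a bound
 * parameter and never spliced into the SQL text, so "admin' OR '1'='1" is
 * compared as a literal login name.
 */
function findUserByLogin(PDO $pdo, string $login): ?array
{
    $stmt = $pdo->prepare('SELECT id, login, email FROM users WHERE login = ?');
    $stmt->bindValue(1, $login, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Numeric context. mssql_escape() from the question leaves "1 OR 1=1"
 * untouched because there is no quote to double; a typed parameter closes
 * that gap.
 */
function findUserById(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, login, email FROM users WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Identifier context. Column names cannot be bound as parameters, so the
 * only safe option is an allow-list; neither escaping nor binding applies.
 */
function listUsersSorted(PDO $pdo, string $sortColumn): array
{
    $allowed = ['id', 'login', 'email'];
    if (!in_array($sortColumn, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $stmt = $pdo->query("SELECT id, login, email FROM users ORDER BY {$sortColumn}");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage with a constructed attack string: the only rows that come back are
// those whose login is literally that string, i.e. normally none.
var_dump(findUserByLogin($pdo, "admin' OR '1'='1"));
var_dump(findUserById($pdo, (int) ($_GET['id'] ?? 0)));
var_dump(listUsersSorted($pdo, 'login'));
```

If you use the procedural odbc_prepare()/odbc_execute() pair instead of PDO, binding works the same way, but read the caveat in the PHP manual for odbc_execute(): a parameter value that both starts and ends with a single quote is treated as a file name whose contents are sent in its place, so raw user input should not reach that call without a check for that shape.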

0 Answers