How to prevent an SQL injection in PHP?

How to prevent MSSQL injection in PHP?

  • I am using mssql and php and i want to prevent my site from sql injection. I used addslashes(). But I know this is not the effective way, I have found from some sites that parameterized query will prevent mssql injection.But I don't know how to use this, because i found that sqlsrv_connect() like functions are used instead of mssql_connect. For this i have to download some dll files. but i did not get that files. Any one please give me a solution......

  • Answer:

    look at mysql_real_escape_string(); function that is a very effective way http://php.net/manual/en/function.mysql-real-escape-string.php Also htmlentities(); to prevent html code into input fields.

Abhi at Yahoo! Answers Visit the source

Was this solution helpful to you?

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.