How to escape strings in SQL Server using PHP?

by

addslashes() isn’t fully adequate, but PHP’s mssql package doesn’t provide any decent alternative. The ugly but fully general solution is encoding the data as a hex bytestring, i.e.

$unpacked = unpack('H*hex', $data);
mssql_query('
    INSERT INTO sometable (somecolumn)
    VALUES (0x' . $unpacked['hex'] . ')
');

Abstracted, that would be:

function mssql_escape($data) {
    if(is_numeric($data))
        return $data;
    $unpacked = unpack('H*hex', $data);
    return '0x' . $unpacked['hex'];
}

mssql_query('
    INSERT INTO sometable (somecolumn)
    VALUES (' . mssql_escape($somevalue) . ')
');

mysql_error() equivalent is mssql_get_last_message().

More Related Contents:

  1. Prevent PHP parsing in strings [closed]
  2. How to decode Unicode escape sequences like “\u00ed” to proper UTF-8 encoded characters?
  3. Is there a PHP function that can escape regex patterns before they are applied?
  4. What does it mean to escape a string?
  5. Constant FILTER_SANITIZE_STRING is deprecated
  6. PHP Fatal error: Call to undefined function mssql_connect()
  7. Connect PHP to MSSQL via PDO ODBC
  8. Dollar ($) sign in password string treated as variable
  9. Escaping single quote in PHP when inserting into MySQL [duplicate]
  10. Connect to SQL Server through PDO using SQL Server Driver
  11. Why is PDO better for escaping MySQL queries/querystrings than mysql_real_escape_string?
  12. How do I escape only single quotes?
  13. Should a MAMP return ::1 as IP on localhost?
  14. How to connect to mssql using pdo through PHP and Linux?
  15. Sanitizing user’s data in GET by PHP [duplicate]
  16. How to execute Stored Procedure from Laravel
  17. Getting data with UTF-8 charset from MSSQL server using PHP FreeTDS extension
  18. Escape string to use in mail()
  19. How to connect sql server with php using xampp?
  20. “Adaptive Server is unavailable or does not exist” error connecting to SQL Server from PHP
  21. Fatal error: Call to undefined function sqlsrv_connect() in C:\xampp\htdocs
  22. How to use PHP to connect to sql server
  23. Pass a PHP variable to a JavaScript variable
  24. mysql_escape_string VS mysql_real_escape_string
  25. what is a good method to sanitize the whole $_POST array in php? [duplicate]
  26. Escaping CURL @ symbol with PHP
  27. json_encode produce JSON_ERROR_UTF8 from MSSQL-SELECT
  28. SQL Server error 1934 occurs on INSERT to table with computed column PHP/PDO
  29. PHP: Escape RegEx pattern to prevent being applied?
  30. How to safely output HTML from a PHP program?

Leave a Comment