Click Upvote Click Upvote - 1 year ago 104
PHP Question

How to escape strings in SQL Server using PHP?

I'm looking for the alternative of

for SQL Server. Is
my best option or there is another alternative function that can be used?

Edit: Alternative for
would also be useful.

Answer Source

addslashes() isn't fully adequate, but PHP's mssql package doesn't provide any decent alternative. The ugly but fully general solution is encoding the data as a hex bytestring, i.e.

$unpacked = unpack('H*hex', $data);
    INSERT INTO sometable (somecolumn)
    VALUES (0x' . $unpacked['hex'] . ')

Abstracted, that would be:

function mssql_escape($data) {
        return $data;
    $unpacked = unpack('H*hex', $data);
    return '0x' . $unpacked['hex'];

    INSERT INTO sometable (somecolumn)
    VALUES (' . mssql_escape($somevalue) . ')

mysql_error() equivalent is mssql_get_last_message().

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download