0

I have been trying to find a way to get the same outcome as using mysql_real_escape_string. I do know that sqlsrv does not have a command for escaping strings, but I need an escape string function. Is there any command or method that escapes strings for sqlsrv? I tried addslashes, but what it did was to input the slashes into the database as well, which unfortunately is not what I wanted. I just wanted this escape string to help, as some of the inputs into the database have special characters like ' with which there is a problem inserting into the database. Thank you!

6
  • stackoverflow.com/questions/574805/… Commented Aug 2, 2014 at 8:59
  • Yes, there is - it is called parameterized queries (addslashes is never correct for SQL) Commented Aug 2, 2014 at 9:08
  • @CharlotteDunois: Thank you so much for the link! Apparently I think I did str_replace before, but did not do it correctly, hence the database showed double quotes. Following the solution given in it, I managed to insert it correctly. Thanks for your help! Commented Aug 4, 2014 at 0:58
  • @user2864740 Yes, I found the solution already, but still, Thank you! Commented Aug 4, 2014 at 0:59
  • 1
    @Jolene Using a manual str_replace is also incorrect. Commented Aug 4, 2014 at 1:23

1 Answer

1

As a general rule, you'll want to use PDO for database access. It wraps the logic from various databases into a single API.

Not all files are included with PHP for using PDO. Specifically, you'll need the SqlSrv driver from Microsoft's site... however, version 3.0 only supports PHP 5.3 and 5.4. Older versions will need version 2.0.

PHP 5.5 needs an unofficial release modified from the source code on CodePlex.

Note: There do not seem to be driver files for other OSes.

You will need to add two files to php.ini for PDO support, but which two depends on whether PHP is compiled as thread-safe and which PHP version it is.

PDO contains both methods to do prepared statements (recommended) and quote values.


1 Comment

Woah, I'm sorry but it's a little complicated for me. However, I tried str_replace and it worked perfectly. Thank you still!
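The prepared-statement approach the answer recommends, as an added example that is not part of the original answer or its comments. The table name `demo_notes`, the `DEMO_*` environment variables and the sample values are assumptions; the script defaults to an in-memory SQLite database so it runs without a server, and a `pdo_sqlsrv` DSN of the form `sqlsrv:Server=localhost;Database=testdb` can be supplied instead.

```php
<?php
// Added example: values containing ' or \ are bound as parameters, so they
// are stored unchanged and are never parsed as part of the SQL text.
declare(strict_types=1);

// Assumed configuration; sqlite::memory: is only the offline default.
$dsn  = getenv('DEMO_DSN') ?: 'sqlite::memory:';
$user = getenv('DEMO_USER') ?: null;
$pass = getenv('DEMO_PASS') ?: null;

$pdo = new PDO($dsn, $user, $pass, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // fail loudly on SQL errors
]);

// Hypothetical table used only for this demonstration.
$pdo->exec('CREATE TABLE demo_notes (author VARCHAR(100), body VARCHAR(400))');

function addNote(PDO $pdo, string $author, string $body): void
{
    // Placeholders keep the statement text fixed; the data travels separately.
    $stmt = $pdo->prepare(
        'INSERT INTO demo_notes (author, body) VALUES (:author, :body)'
    );
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function notesBy(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT body FROM demo_notes WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample input with the characters that break concatenated SQL.
$samples = [
    ["O'Brien", "It's a 'quoted' value"],
    ["D'Arcy",  'backslash \\ and "double" quotes'],
    ["Li",      "'; -- stored as plain text, not run as SQL"],
];

foreach ($samples as [$author, $body]) {
    addNote($pdo, $author, $body);
    // Round trip: the stored value equals the input, with no added slashes
    // and no doubled quotes.
    $ok = notesBy($pdo, $author) === [$body];
    echo $author, ': ', $ok ? 'stored unchanged' : 'MISMATCH', PHP_EOL;
}
```

Unlike `addslashes` or a manual `str_replace`, nothing is added to the stored data, because the value is never spliced into the statement text.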
