3

How can i use real_escape_string in sqlsrv?

This is my code:

$uname = sqlsrv_real_escape_string($conn, trim($_POST['uname']));
$pass  = sqlsrv_real_escape_string($conn, trim($_POST['pword']));

but I recieve the following error:

undefined function sqlsrv_real_escape_string

Improve this question
4
  • 1
    This might be a duplicate to stackoverflow.com/questions/574805/… Commented Jun 22, 2017 at 6:05
  • 1
    If you use prepared statements with binds, this should solve a lot of the problems that real escape string is designed to cover. Commented Jun 22, 2017 at 6:18
  • 1
    In general *_escape_string is to wrong way to do escaping. You should use prepared statements with bind parameters and let the database handle all the escaping. Try looking into PDO Commented Jun 22, 2017 at 6:19
  • As far as I know they never cared writing such feature (probably because it's a modern extension and the functionality wouldn't specially useful). If it's important for you, you may want to try whether the PDO flavour implements PDO::quote(). Commented Jun 22, 2017 at 16:39

2 Answers 2

Reset to default
6

The SQL Server code makes prepared statements very easy to do:

$query = "SELECT * FROM users WHERE username=? AND password=?";
$parameters = [$_POST["uname"], $_POST["pword"]];
$result = sqlsrv_query($conn, $query, $parameters);

Simply replace your values with a ? and then pass them as an array (in order) as the third argument to sqlsrv_query().

(Not that you would ever store plaintext passwords in a databse, right?)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

-2

I understand why you would want to use this to capture innocent ' and weed out SQL injections, but there is no such function sqlsrv_real_escape_string. You could make your own function or use preg_replace and add '\'. Just a thought.

Take a look at the answers to this question

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.