I'm looking for the alternative of mysql_real_escape_string()
for SQL Server. Is addslashes()
my best option or there is another alternative function that can be used?
An alternative for mysql_error()
would also be useful.
In PHP, an escape sequence starts with a backslash \ . Escape sequences apply to double-quoted strings. A single-quoted string only uses the escape sequences for a single quote or a backslash.
The mysqli_real_escape_string() function is an inbuilt function in PHP which is used to escape all special characters for use in an SQL query. It is used before inserting a string in a database, as it removes any special characters that may interfere with the query operations.
Escaping is a technique that preserves data as it enters another context. PHP is frequently used as a bridge between disparate data sources, and when you send data to a remote source, it's your responsibility to prepare it properly so that it's not misinterpreted.
addslashes()
isn't fully adequate, but PHP's mssql package doesn't provide any decent alternative. The ugly but fully general solution is encoding the data as a hex bytestring, i.e.
$unpacked = unpack('H*hex', $data); mssql_query(' INSERT INTO sometable (somecolumn) VALUES (0x' . $unpacked['hex'] . ') ');
Abstracted, that would be:
function mssql_escape($data) { if(is_numeric($data)) return $data; $unpacked = unpack('H*hex', $data); return '0x' . $unpacked['hex']; } mssql_query(' INSERT INTO sometable (somecolumn) VALUES (' . mssql_escape($somevalue) . ') ');
mysql_error()
equivalent is mssql_get_last_message()
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With