Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?
- by Derek Adair
I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about.
For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL?
What steps do I need to take in order to protect against SQL injection with MSSQL?
What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?