Let’s see how we can prevent SQL injection attacks in our applications when we are using PHP and Microsoft SQL Server:
1. Use prepared statements – sqlsrv_prepare.
2. Use parameterized queries – PDO.
3. Use stored procedures – mssql_execute.
4. Validate User Input – preg_match.
For maximum security, apply as many of these measures as possible in your application.
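
An added example (not from the original page) that combines items 1 and 4: a preg_match allow-list check in front of a sqlsrv_prepare query with a bound parameter. The dbo.users table, its columns, the helper function names and the DB_* environment variables are assumptions made for illustration.

```php
<?php
// Allow-list check: 3-20 letters, digits or underscores. \z also rejects a trailing newline.
function isValidUsername(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// Looks up one user (hypothetical table dbo.users). The value travels as a
// bound parameter, so the server never parses it as part of the SQL text.
function findUser($conn, string $name): ?array
{
    if (!isValidUsername($name)) {
        return null; // rejected before it reaches the database
    }
    $sql  = 'SELECT id, username FROM dbo.users WHERE username = ?';
    $stmt = sqlsrv_prepare($conn, $sql, array(&$name)); // parameters are passed by reference
    if ($stmt === false || sqlsrv_execute($stmt) === false) {
        throw new RuntimeException(print_r(sqlsrv_errors(), true));
    }
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($stmt);
    return is_array($row) ? $row : null;
}

// Constructed sample inputs: the validator runs without a database.
// "o'brien" shows why validation alone is not enough; binding handles the quote safely.
foreach (array('alice_01', "o'brien", "carol\n") as $input) {
    printf("%-12s %s\n", json_encode($input), isValidUsername($input) ? 'accepted' : 'rejected');
}

// Database part runs only when the sqlsrv extension and DB_* settings (assumed names) exist.
if (function_exists('sqlsrv_connect') && getenv('DB_SERVER') !== false) {
    $conn = sqlsrv_connect(getenv('DB_SERVER'), array(
        'Database' => getenv('DB_NAME'),
        'UID'      => getenv('DB_USER'),
        'PWD'      => getenv('DB_PASS'),
    ));
    if ($conn === false) {
        throw new RuntimeException(print_r(sqlsrv_errors(), true));
    }
    var_dump(findUser($conn, 'alice_01'));
    sqlsrv_close($conn);
}
```

The mssql_* functions named in item 3 were removed in PHP 7.0, so on current PHP versions stored procedures are called through sqlsrv or PDO instead.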