MSSQL, PHP

How to prevent sql injection using PHP and SQL Server

Let’s see how we can prevent sql injection attacks in our applications when we are using PHP and Microsoft SQL Server:

1. Use prepared statements – sqlsrv_prepare.

2. Use parameterized queries – PDO.

3. Use stored proceduresmssql_execute.

4. Validate User Input – preg_match.

5. Escape user input – addslashesstr_replace or preg_replace quotes.

For maximum security try to use in your application as much as possible measures.