Today we will see how to retrieve various information from Microsoft SQL Server using SQL queries.

Get all users:

    SELECT * FROM sys.server_principals;

Get database size:

    USE master
    GO
    EXEC sp_spaceused

Get user privileges for current database:

    USE master
    GO
    SELECT SYSOBJECTS.name AS 'objectname', SYSUSERS.name …


How to prevent SQL injection using PHP and SQL Server

Let’s see how we can prevent SQL injection attacks in our applications when we are using PHP and Microsoft SQL Server:

1. Use prepared statements – sqlsrv_prepare.
2. Use parameterized queries – PDO.
3. Use stored procedures – mssql_execute.
4. Validate user input – preg_match.
5. Escape user input – addslashes, str_replace or preg_replace quotes.
…
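Items 1 and 4 from the list combined, as an added example that is not code from the original post: the input is checked against an allow-list with preg_match and then bound as a parameter through sqlsrv_prepare. The dbo.users table, its columns, the function names and the DB_* environment variables are assumptions made for illustration.

```php
<?php
// Added example: allow-list validation (preg_match) plus a prepared statement
// (sqlsrv_prepare). Table, columns and connection settings are assumptions.

function isValidUsername(string $name): bool
{
    // 3-32 letters, digits or underscores. \A and \z anchor the whole string;
    // "$" alone would also accept a trailing newline.
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $name) === 1;
}

function findUser($conn, string $name): ?array
{
    if (!isValidUsername($name)) {
        return null; // rejected before the database is touched
    }
    // The ? placeholder keeps the value out of the SQL text: the driver sends
    // it as a parameter, so a quote in $name cannot change the query.
    $sql  = 'SELECT id, username, email FROM dbo.users WHERE username = ?';
    $stmt = sqlsrv_prepare($conn, $sql, [&$name]);
    if ($stmt === false || sqlsrv_execute($stmt) === false) {
        error_log(print_r(sqlsrv_errors(), true)); // log it, do not echo to the client
        return null;
    }
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($stmt);
    return $row ?: null; // null when no row matched or the fetch failed
}

// The validation step runs without a server (constructed inputs):
var_dump(isValidUsername('alice_01'));
var_dump(isValidUsername("o'neil")); // contains a quote, fails the allow-list

// The query step needs the sqlsrv extension and a reachable SQL Server.
if (function_exists('sqlsrv_connect') && getenv('DB_SERVER')) {
    $conn = sqlsrv_connect(getenv('DB_SERVER'), [
        'Database' => getenv('DB_NAME'),
        'UID'      => getenv('DB_USER'),
        'PWD'      => getenv('DB_PASS'),
    ]);
    if ($conn !== false) {
        var_dump(findUser($conn, 'alice_01'));
        sqlsrv_close($conn);
    }
}
```

Validation narrows what reaches the query, while the bound parameter is what keeps the value from being parsed as SQL.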