Home/ Questions/Q 152927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T09:42:38+00:00

I’m looking for the alternative of mysql_real_escape_string() for SQL Server. Is addslashes() my best

  • 0

I’m looking for the alternative of mysql_real_escape_string() for SQL Server. Is addslashes() my best option or there is another alternative function that can be used?

An alternative for mysql_error() would also be useful.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. addslashes() isn’t fully adequate, but PHP’s mssql package doesn’t provide any decent alternative. The ugly but fully general solution is encoding the data as a hex bytestring, i.e.

    $unpacked = unpack('H*hex', $data); mssql_query('     INSERT INTO sometable (somecolumn)     VALUES (0x' . $unpacked['hex'] . ') ');

    Abstracted, that would be:

    function mssql_escape($data) {     if(is_numeric($data))         return $data;     $unpacked = unpack('H*hex', $data);     return '0x' . $unpacked['hex']; }  mssql_query('     INSERT INTO sometable (somecolumn)     VALUES (' . mssql_escape($somevalue) . ') ');

    mysql_error() equivalent is mssql_get_last_message().

    • 0