* @copyright 2011-2013 DjinnSoftWorks (DSW) * @license http://www.php.net/license/3_01.txt PHP License 3.01 */ /* * Verify the php_mssql libary is installed and enabled. * Stops script if mssql functions are missing */ if(!function_exists('mssql_connect')){ die("You must have the php_mssql library for Apache (win) or httpd " . "(Linux) installed and enabled to connect to an MSSQL database. " . "php.ini or configure your Linux Web Server to enable this extension. " . "This requires a restart of the Apache/httpd service to take effect."); } /* * Title : mssql_escape_string * * Description : * MSSQL Escape Function is an SQL Injection Prevention values from the $non_dispayebles array variable * of passing to your query's * Non Dispayables : * => url encoded 00-08, 11, 12, 14, 15 * => url encoded 16-31 * => 00-08 * => 11 * => 12 * => 14-31 * * Author : CodeIgniter by Rick Ellis * Remake : Aquiles dos Santos Crespo */ function mssql_escape_string($data) { if(!isset($data) or empty($data)){return '';} if(\is_numeric($data)){return $data;} $non_displayables = array('/%0[0-8bcef]/','/%1[0-9a-f]/','/[\x00-\x08]/','/\x0b/','/\x0c/','/[\x0e-\x1f]/'); foreach($non_displayables as $regex){$data = \preg_replace($regex,'',$data);} $data = \str_replace("'","''",$data); return $data; } // Database configuration parameters $db_host = 'Address Here'; $db_user = 'DB Login Here'; $db_pass = 'DataBase Password Here'; // Connect to MSSQL server $conn = \mssql_connect($db_host,$db_user,$db_pass) or die('Failed to connect to MSSQL Server, in the MSSQL DB conf File.');