Are there any differences between SQL Server and MySQL when it comes to preventing SQL injection?

Question

I am used to developing in PHP/MySQL and have no experience developing with SQL Server. I\'ve skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of

Answer 1

With MSSQL you can utilize stored procedures to reduce risk of sql injection. The stored procedures would accept input in various types, so it would be hard to pass in string with sql commands.

also check out http://msdn.microsoft.com/en-us/library/ms161953.aspx