Are there any differences between SQL Server and MySQL when it comes to preventing SQL injection?

Question

I am used to developing in PHP/MySQL and have no experience developing with SQL Server. I\'ve skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of

Answer 1

Parameterized queries are the way to go. The sqlsrv driver supports parameterized queries. Of course, this will only be useful to you if you are running PHP on Windows. On the chance that you are, there's more information (with examples) here: How and Why to Use Parameterized Queries.