Op Tweakers.net staat er een zeer goed artikel over SQL injectie en XSS, met PHP en MySQL voorbeelden:
A few days ago I had to set up a new environment for an old PHP application. The webserver runs on PHP 5.1.1, and could not be upgraded.
One of the databases is a MS SQL Server 2008. PHP has extensions for all kinds of databases, so I enabled php_mssql.dll in php.ini. When I tested the connection, I got a fatal error: Cannot connect to database…
Well, after a few hours of searching, I found this blog:
It describes perfectly my problem, and the solution. I downloaded MS SQL Server 2008, copied the file “ntwdblib.dll”, and replaced the two existing files in WAMP with the file I downloaded. After a restart of Apache, the MS SQL database was found.
It seems that PHP 5.1.1 (released november 2005) does not support more recent versions of MS SQL Server, but luckily there is a solution!
Thanks to all the bloggers out there, who make problem-solving a lot easier!