Microsoft sqlsrv extension for php 5.5.x

php sqlsrv
Gavin picture Gavin · Sep 10, 2013 · Viewed 18k times · Source

We are running php 5.3.27 on Windows, nts.

We just failed a PCI scan due to a session fixation vulnerability in PHP and need to regain PCI compliance.

It is a little frustrating, as we use session_regenerate_id() after login, so in my eyes (perhaps I am wrong) our application is not vulnerable even if php is.

To pass the scan we need to upgrade to php 5.5.2.

We use the sqlsrv driver extension from Microsoft, and I notice that they have not released a build for php 5.5.x

Does anyone have a production viable solution for this issue?

______update___________

I have found this http://social.msdn.microsoft.com/Forums/sqlserver/en-US/e1d37219-88a3-46b2-a421-73bfa33fe433/unofficial-php-55-drivers-x86 which is a non vendor build.

Has anyone used this build in production?

Thanks

Answer

mkaatman picture mkaatman · Sep 10, 2013

There's an unofficial driver. Not sure if that will pass PCI.

http://social.msdn.microsoft.com/Forums/sqlserver/en-US/e1d37219-88a3-46b2-a421-73bfa33fe433/unofficial-php-55-drivers-x86

Related questions

Connecting php 7.2 to MS SQL using sqlsrv

I'm trying to get a connection to MS SQL up and running via PHP on my machine. I'm running IIS, have PHP 7.2 installed and MS SQL Express 2017. I have my basic web page running but when I click to open …

Read More
PHP sqlsrv query to database

I am migrated from MySQL to MS SQL Server, and trying to fetch all data from the routines table. I am connected but unsure how to fetch data with sqlsrv. This is how far I have came: $conn_array = array ( "…

Read More
How to execute a stored procedure in php using sqlsrv and "?" style parameters

I've looked over several other questions that seem (from the titles) the same as this. However, my case is a bit different. The following works (i.e. I get "success" and my database performs what I expect when running the …

Read More