does anyone have any methods that do not use sp (stored procedures) to prevent sql injection when dealing with php and mssql besides add slashes?