I was just on favorite cabbage looking at a SQL injection defense function, and suddenly remembered a question I always have when I read these articles. My defense against SQL injection is very simple, just the following two functions:
'####
'##
'## SQL injection attack prevention [character type]
'##
'## @ data   -> data to process
'## @ length -> length limit (0 = no limit)
'##
'## Example: strSQL("SQL character data", 50)
'##
Function strSQL(data, length)
'########################################################################
    ' Truncate first, then double every single quote and wrap the result in quotes
    If length <> 0 Then data = Left(data, length)
    strSQL = "'" & Replace(data, "'", "''") & "'"
End Function

'####
'##
'## SQL injection attack prevention [numeric type]
'##
'## @ numeric -> number
'##
'## Example: intSQL(50)
'##
'## 2004/03/04, improved version. Reason: IsNumeric misjudges MSSQL data types.
'##
Function intSQL(numeric)
'########################################################################
    Dim MM_intTemp
    On Error Resume Next
    If numeric = "" Then numeric = 0
    ' CSng is used only as a test: if the conversion raises no error,
    ' the original value (not the converted one) is returned
    MM_intTemp = CSng(numeric)
    If Err = 0 Then
        intSQL = numeric
    Else
        intSQL = 0
    End If
End Function
The length parameter of strSQL is not really part of defending against SQL injection; it is a small safeguard I added to keep inserted characters from exceeding the length of the field.
I see a wide variety of SQL injection defense functions on the web, so I'm curious: does a function like this not defend well enough? If anyone knows the flaws of these two functions, please let me know.
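
For comparison, the same two kinds of input (a character value with a length limit and a numeric value) bound as typed parameters through ADODB.Command, so the SQL text never contains user data and no quote doubling is involved. This is an added example, not the poster's code; the Users table and its columns, the FindUsers and ToLong helpers, and the already-open connection are assumptions.

```vbscript
Option Explicit

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202

' Hypothetical helper: conn is an already-open ADODB.Connection.
' Table Users(Id, Name nvarchar(50), Age int) is assumed for illustration.
Function FindUsers(conn, userName, minAge)
    Dim cmd
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' Positional placeholders (?): values travel separately from the statement
    cmd.CommandText = "SELECT Id, Name, Age FROM Users WHERE Name = ? AND Age >= ?"

    ' Character value: the declared size (50) takes the place of strSQL's
    ' length argument; Left() keeps the value within that size.
    ' userName & "" turns Null/Empty into an empty string.
    cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, _
        adParamInput, 50, Left(userName & "", 50))

    ' Numeric value: bind the converted number, not the original string
    cmd.Parameters.Append cmd.CreateParameter("@age", adInteger, _
        adParamInput, , ToLong(minAge))

    Set FindUsers = cmd.Execute
End Function

' Hypothetical helper: returns the input converted to a Long, or 0 when the
' conversion fails (empty string, Null, non-numeric text, overflow).
Function ToLong(value)
    ToLong = 0
    On Error Resume Next
    ToLong = CLng(value)   ' on error the assignment is skipped, leaving 0
    Err.Clear
End Function

' Usage inside an ASP page (form field names are constructed for the example):
'   Set rs = FindUsers(conn, Request.Form("name"), Request.Form("age"))
```

Unlike intSQL, ToLong returns the converted value, so whatever form the input string took, only an integer reaches the database.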