Here are four functions that cover the parameter types that typically reach a SQL statement in classic ASP: whole numbers, currency amounts, short strings, and free text. Read through the code; it is short enough to digest in one sitting.
Take care to run every Request collection through them. Request.QueryString and Request.Form are obvious, but Request.Cookies and Request.ServerVariables (the HTTP headers, which an attacker also controls) are easily overlooked. Note that these helpers sanitize a value before it is spliced into a SQL string; where the data provider supports it, a parameterized ADODB.Command is the stronger fix, and the filters then serve as a second layer.
The code is as follows:
' Filter numeric parameters: returns a Long in 0..2147483647, or 0 on bad input
Function Killn(ByVal s1)
    Dim n
    If Not IsNumeric(s1) Then
        Killn = 0
    Else
        ' Convert before comparing: in VBScript a string always compares
        ' greater than a number, so "5" > 2147483647 would be True
        n = CDbl(s1)
        If n < 0 Or n > 2147483647 Then
            Killn = 0
        Else
            Killn = CLng(n)
        End If
    End If
End Function

' Filter currency parameters: returns the amount with two decimals
' (-1 = vbTrue keeps the leading zero; 0 = vbFalse disables parentheses for
' negatives and digit grouping). FormatNumber returns a string and uses the
' server locale's decimal separator, so check it against the database's.
Function Killc(ByVal s1)
    If Not IsNumeric(s1) Then
        Killc = 0
    Else
        Killc = FormatNumber(s1, 2, -1, 0, 0)
    End If
End Function

' Filter string parameters: doubles single quotes so the value can sit
' inside a single-quoted SQL literal. Apply it to the value that is spliced
' into the query, not to a value passed as a command parameter.
Function Killw(ByVal s1)
    If Len(s1) = 0 Then
        Killw = ""
    Else
        Killw = Trim(Replace(s1, "'", "''"))
    End If
End Function

' Filter free-text parameters: HTML-encodes the characters that matter for
' cross-site scripting and SQL, then turns line breaks into <br>.
' "&" must be encoded first; encoding it last would turn the "&lt;" produced
' by an earlier step into "&amp;lt;".
Function Killbad(ByVal s1)
    If Len(s1) = 0 Then
        Killbad = ""
    Else
        s1 = Replace(s1, "&", "&amp;")
        s1 = Replace(s1, "<", "&lt;")
        s1 = Replace(s1, ">", "&gt;")
        s1 = Replace(s1, Chr(34), "&quot;")
        s1 = Replace(s1, Chr(39), "&#39;")
        ' Assumed: the trailing empty replacements strip carriage returns,
        ' so a CRLF pair becomes a single <br>
        s1 = Replace(s1, Chr(13), "")
        s1 = Replace(s1, Chr(10), "<br>")
        Killbad = Trim(s1)
    End If
End Function
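The following ASP page is an added example, not part of the original article, showing how the four functions above are applied to each Request collection before a value reaches SQL, and the parameterized ADODB.Command form alongside the string-splicing one. The include file name (killsql.asp), the table and column names (articles, visit_log, id, title, author, referer), and the open connection object conn are assumptions for illustration.

```vbscript
<!--#include file="killsql.asp"-->
<%
' Added example: assumes the four filter functions are defined in the
' included file and that "conn" is an open ADODB.Connection.
Option Explicit

' ADO constants, normally pulled in from adovbs.inc
Const adInteger = 3
Const adVarChar = 200
Const adParamInput = 1

Dim articleId, author, referer, sql, rs, cmd

' Numeric parameter from the query string: Killn yields 0 for anything that
' is not a whole number in 0..2147483647, so the spliced literal is always
' a plain integer and cannot break out of the statement.
articleId = Killn(Request.QueryString("id"))

' String parameter from a cookie: doubled quotes keep it inside the literal.
author = Killw(Request.Cookies("author"))

' Server variables are attacker-controlled too (Referer, User-Agent, ...);
' a header that is written to a log table needs the same treatment.
referer = Killw(Request.ServerVariables("HTTP_REFERER"))
conn.Execute "INSERT INTO visit_log (article_id, referer) VALUES (" & _
             articleId & ", '" & referer & "')"

' 1) String concatenation with the filtered values
sql = "SELECT id, title FROM articles WHERE id = " & articleId & _
      " AND author = '" & author & "'"
Set rs = conn.Execute(sql)
rs.Close

' 2) The stronger form: a parameterized ADODB.Command. The value never
'    becomes part of the SQL text, so the provider handles quoting. Pass the
'    raw (trimmed) cookie here: Killw's doubled quotes would otherwise be
'    stored and compared literally.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT id, title FROM articles WHERE id = ? AND author = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , articleId)
cmd.Parameters.Append cmd.CreateParameter("author", adVarChar, adParamInput, 50, _
                                          Trim(Request.Cookies("author")))
Set rs = cmd.Execute

Do Until rs.EOF
    ' Output encoding is still required; the input filters do not replace it.
    Response.Write Server.HTMLEncode(rs("title")) & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```

The parameterized branch also sidesteps the locale issue with Killc: a currency amount passed as an adCurrency parameter is sent as a number, not as a formatted string whose decimal separator the database has to parse.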