In fact, SQL injection is not as frightening as it seems. With an understanding of the principle and some patience, you can defend against it thoroughly.
The following four functions are enough to defend you against all SQL injection vulnerabilities, and the code is easy to follow.
You must filter every Request object, including Request.Cookies, Request.ServerVariables, and the other collections that are easy to overlook:
Function killn(ByVal s1) ' filters numeric parameters: returns a Long, or 0 if the value is not a valid 32-bit integer
    If Not IsNumeric(s1) Then
        killn = 0
    Else
        ' Request values arrive as strings; convert before the range check, because VBScript
        ' does not compare a String against a number numerically
        If CDbl(s1) < 0 Or CDbl(s1) > 2147483647 Then
            killn = 0
        Else
            killn = CLng(s1)
        End If
    End If
End Function
Function killc(ByVal s1) ' filters currency parameters: returns the amount with two decimals, or 0
    If Not IsNumeric(s1) Then
        killc = 0
    Else
        ' two decimal places, leading zero, no parentheses for negatives, no digit grouping
        killc = FormatNumber(s1, 2, -1, 0, 0)
    End If
End Function
Function killw(ByVal s1) ' filters string parameters: removes single quotes and surrounding whitespace
    If Len(s1) = 0 Then
        killw = ""
    Else
        killw = Trim(Replace(s1, "'", ""))
    End If
End Function
Function killbad(ByVal s1) ' filters all dangerous characters, including cross-site scripts: HTML-encodes the value
    If Len(s1) = 0 Then
        killbad = ""
    Else
        ' & is encoded first so the entities produced afterwards are not encoded twice;
        ' CR is dropped and LF becomes <br> last, after < and > have already been handled
        s1 = Replace(Replace(Replace(Trim(s1), "&", "&amp;"), "<", "&lt;"), ">", "&gt;")
        s1 = Replace(Replace(Replace(s1, Chr(34), "&quot;"), Chr(39), "&#39;"), Chr(32), "&nbsp;")
        killbad = Replace(Replace(s1, Chr(13), ""), Chr(10), "<br>")
    End If
End Function
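As an added example that is not part of the original article, this ASP page runs every value taken from a Request collection through one of the four functions before it reaches a query, choosing the filter by the column type; the include file name and the table and column names are hypothetical.

```vbscript
<%
' Added example, not from the original article. Assumes the four filter
' functions are saved in a hypothetical include file "safe.asp".
Option Explicit
%>
<!-- #include file="safe.asp" -->
<%
Dim id, price, uname, body, sid, ua, referer, sql

' Query string and form fields: pick the filter that matches the column type
id    = killn(Request.QueryString("id"))     ' Long, or 0 when not a valid 32-bit integer
price = killc(Request.Form("price"))         ' two-decimal amount, or 0
uname = killw(Request.Form("username"))      ' single quotes removed, trimmed
body  = killbad(Request.Form("content"))     ' HTML-encoded before it is stored and echoed

' The collections that are easy to forget: cookies and server variables are
' attacker-controlled too and must go through the same filters
sid     = killw(Request.Cookies("sessionid"))
ua      = killbad(Request.ServerVariables("HTTP_USER_AGENT"))
referer = killbad(Request.ServerVariables("HTTP_REFERER"))

' A numeric column is concatenated without quotes, so there is no quote for
' killw to strip; killn is the right filter here because it only ever returns a Long
sql = "SELECT title, content FROM news WHERE id = " & id

' A string column is quoted; killw has removed the quote that could close the literal
sql = "SELECT userid FROM users WHERE username = '" & uname & "' AND sessionid = '" & sid & "'"

' Header values are stored HTML-encoded (hypothetical table accesslog); killbad has
' turned any single quote into &#39;, so the literals cannot be closed early either
sql = "INSERT INTO accesslog (useragent, referer, price) VALUES ('" & ua & "', '" & referer & "', " & price & ")"
%>
```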