SQL injection vulnerabilities are not frightening: if you understand the principle and work patiently and carefully, you can defend against them completely.
Here are 4 functions that are enough to withstand all SQL injection vulnerabilities. Read the code and you will understand how they work.
Take care to filter every Request collection, including easily overlooked ones such as Request.Cookies and Request.ServerVariables:
Function Killn(ByVal s1) ' Filters numeric parameters
    If Not IsNumeric(s1) Then
        Killn = 0
    Else
        If s1 < 0 Or s1 > 2147483647 Then
            Killn = 0
        Else
            Killn = CLng(s1)
        End If
    End If
End Function
Function Killc(ByVal s1) ' Filters currency parameters
    If Not IsNumeric(s1) Then
        Killc = 0
    Else
        Killc = FormatNumber(s1, 2, -1, 0, 0)
    End If
End Function
Function Killw(ByVal s1) ' Filters character parameters
    If Len(s1) = 0 Then
        Killw = ""
    Else
        Killw = Trim(Replace(s1, "'", ""))
    End If
End Function
Function Killbad(ByVal s1) ' Filters all dangerous characters, including cross-site scripting
    If Len(s1) = 0 Then
        Killbad = ""
    Else
        ' Escape "&" first so the entities added afterwards are not escaped again,
        ' and insert "<br>" last so that its angle brackets are not escaped.
        s1 = Replace(s1, "&", "&amp;")
        s1 = Replace(s1, "<", "&lt;")
        s1 = Replace(s1, ">", "&gt;")
        s1 = Replace(s1, Chr(34), "&quot;")
        s1 = Replace(s1, Chr(39), "&#39;")
        s1 = Replace(s1, Chr(32), "&nbsp;")
        s1 = Replace(s1, Chr(13), "")
        Killbad = Trim(Replace(s1, Chr(10), "<br>"))
    End If
End Function
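The advice above about filtering every Request collection, as an added example that is not code from the original page: a script for cscript in which Scripting.Dictionary objects stand in for Request.QueryString, Request.Cookies and Request.ServerVariables. The table and column names, the BuildQuery helper and all input values are constructed for illustration.

```vbscript
' Added example, not from the original page. Run: cscript //nologo filter_demo.vbs
' Dictionaries stand in for the ASP Request collections; all values are constructed.
Option Explicit

Function Killn(ByVal s1)   ' numeric filter, same rule as the page's Killn
    Killn = 0
    If IsNumeric(s1) Then
        If CDbl(s1) >= 0 And CDbl(s1) <= 2147483647 Then Killn = CLng(s1)
    End If
End Function

Function Killw(ByVal s1)   ' character filter, same rule as the page's Killw
    Killw = Trim(Replace(s1, "'", ""))
End Function

Dim qs, cookies, serverVars
Set qs = CreateObject("Scripting.Dictionary")
Set cookies = CreateObject("Scripting.Dictionary")
Set serverVars = CreateObject("Scripting.Dictionary")

qs.Add "id", "42 OR 1=1"                    ' stands in for Request.QueryString("id")
cookies.Add "user", "alice' --"             ' stands in for Request.Cookies("user")
serverVars.Add "HTTP_USER_AGENT", "UA'x"    ' stands in for Request.ServerVariables(...)

' Hypothetical helper: every value is filtered where it enters the SQL text,
' whichever collection it came from. Table and column names are made up.
Function BuildQuery(q, c, sv)
    BuildQuery = "SELECT title FROM news WHERE id=" & Killn(q("id")) & _
                 " AND owner='" & Killw(c("user")) & "'" & _
                 " AND agent='" & Killw(sv("HTTP_USER_AGENT")) & "'"
End Function

' Show each raw value beside its filtered form, then the resulting statement.
WScript.Echo "id    : " & qs("id") & "  ->  " & Killn(qs("id"))
WScript.Echo "user  : " & cookies("user") & "  ->  " & Killw(cookies("user"))
WScript.Echo "agent : " & serverVars("HTTP_USER_AGENT") & "  ->  " & _
             Killw(serverVars("HTTP_USER_AGENT"))
WScript.Echo BuildQuery(qs, cookies, serverVars)
```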