Here are 4 functions that are enough to withstand all SQL injection vulnerabilities! Read through the code and you will understand how they work.
Be careful to filter every Request object, including easily overlooked ones such as Request.Cookies and Request.ServerVariables:
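Function Killn(ByVal s1) ' Filter numeric parameters
    If Not IsNumeric(s1) Then
        ' Anything that is not a number becomes 0
        Killn = 0
    Else
        ' Reject negative values and values outside the Long range
        If s1 < 0 Or s1 > 2147483647 Then
            Killn = 0
        Else
            Killn = CLng(s1)
        End If
    End If
End Function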
Function Killc(ByVal s1) ' Filter currency parameters
    If Not IsNumeric(s1) Then
        Killc = 0
    Else
        ' 2 decimal places, leading zero, no parentheses for negatives, no digit grouping
        Killc = FormatNumber(s1, 2, -1, 0, 0)
    End If
End Function
Function Killw(ByVal s1) ' Filter character parameters
    If Len(s1) = 0 Then
        Killw = ""
    Else
        ' Remove single quotes, then trim surrounding spaces
        Killw = Trim(Replace(s1, "'", ""))
    End If
End Function
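Function Killbad(ByVal s1) ' Filter all dangerous characters, including cross-site scripting
    If Len(s1) = 0 Then
        Killbad = ""
    Else
        ' Encode & first so the entities added below are not encoded a second time
        s1 = Replace(s1, "&", "&amp;")
        s1 = Replace(s1, "<", "&lt;")
        s1 = Replace(s1, ">", "&gt;")
        s1 = Replace(s1, Chr(34), "&quot;")  ' double quote
        s1 = Replace(s1, Chr(39), "&#39;")   ' single quote
        s1 = Replace(s1, Chr(13), "")        ' drop carriage returns
        s1 = Replace(s1, Chr(10), "<br>")    ' line feed becomes an HTML line break
        s1 = Replace(s1, Chr(32), "&nbsp;")  ' space becomes a non-breaking space
        Killbad = Trim(s1)
    End If
End Function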
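
The easily overlooked Request sources named above (cookies and server variables) can also be bound as ADO command parameters, so their values never become part of the SQL text; this complements the filter functions. The following is an added example, not code from the original page, and the Application("ConnString") setting, the Sessions and AuditLog tables with their columns, the "token" cookie and the BoundCommand helper are all assumptions:

```vbscript
<%
' Added example, not code from the original page. Assumed names: the
' Application("ConnString") setting, the Sessions and AuditLog tables and
' their columns, the "token" cookie and the BoundCommand helper.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

' Build a text command whose ? placeholders are bound, in order, to the
' strings in values(). Bound values travel separately from the SQL text,
' so quotes or SQL keywords inside them are treated as plain data.
Function BoundCommand(conn, sql, values)
    Dim cmd, i, v
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For i = 0 To UBound(values)
        v = Left(CStr(values(i)), 255)   ' cap the length before binding
        cmd.Parameters.Append _
            cmd.CreateParameter("p" & i, adVarWChar, adParamInput, 255, v)
    Next
    Set BoundCommand = cmd
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

' Cookie value: client-controlled, even though the site set it originally.
Set rs = BoundCommand(conn, _
    "SELECT UserName FROM Sessions WHERE Token = ?", _
    Array(Request.Cookies("token"))).Execute

' Header-derived server variables are client-controlled as well.
BoundCommand(conn, _
    "INSERT INTO AuditLog (Agent, Referer) VALUES (?, ?)", _
    Array(Request.ServerVariables("HTTP_USER_AGENT"), _
          Request.ServerVariables("HTTP_REFERER"))).Execute

' Encode on output so stored data cannot inject markup into the page.
If Not rs.EOF Then Response.Write Server.HTMLEncode(rs("UserName").Value)
rs.Close : conn.Close
%>
```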