Code to guard against SQL injection attacks

SQL injection attacks are the main reason why SQL injection attacks succeed when using a design vulnerability to run SQL commands on a target server and other forms of attack, without validating data entered by the user when dynamically generating SQL commands. Like what:
If your query is a SELECT * from admin where username= ' "&user&" ' and password= ' "&pwd&" ' "
Well, if my username is: 1 ' or ' 1 ' = ' 1
So, your query will become:
SELECT * from admin where username= ' 1 or ' 1 ' = ' 1 ' and password= ' "&pwd& '"
This way your query is passed, so you can enter your admin interface.
Therefore, the user's input should be checked when guarding. Special-type special characters, such as single quotes, double quotes, semicolons, commas, colons, connection numbers, etc. are converted or filtered.
Special characters and strings that need to be filtered are:
NET user
xp_cmdshell
/add
EXEC Master.dbo.xp_cmdshell
net localgroup Administrators
Select
Count
Asc
Char
Mid
‘
:
"
Insert
Delete from
drop table
Update
Truncate
From
%
Here are two of my written on the solution to the injection-type attack prevention code, for everyone to learn the reference!
JS version of the prevention of SQL injection attack code ~:
[CODE START]
<script language= "JavaScript" >
<!--
var url = location.search;
var re=/^? (.*) (Select%20|insert%20|delete%20from%20|count (|drop%20table
|UPDATE%20TRUNCATE%20|ASC (|mid (|char) (|xp_cmdshell|exec%20master
|net%20localgroup%20administrators| "|:| Net%20user| ' | %20OR%20) (. *) $/gi;
var e = re.test (URL);
if (e) {
Alert ("The address contains illegal characters ~");
Location.href= "error.asp";
}
-->
<script>
[CODE end]
ASP version of the prevention of SQL injection attack code ~:
[CODE START]
<%
On Error Resume Next
Dim strtemp
If LCase (Request.ServerVariables ("HTTPS") = "Off" Then