'**************************************************
' Function name: R
' Parameter: Strchar - the string to filter
' Return value: the filtered string
'**************************************************
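Public Function R (Strchar)
    ' Purpose: remove a fixed list of characters and tokens from Strchar before
    '          the value is used elsewhere (the page presents this as a SQL
    '          character filter).
    ' Parameter: Strchar - the string to filter; "" or Null yields "".
    ' Returns:   Strchar with every listed token removed and "@@" collapsed to "@".
    '
    ' Security note: stripping characters is a secondary control only. Values that
    ' reach a SQL statement should be bound as parameters (for example through an
    ' ADODB.Command with a Parameters collection) rather than concatenated, and
    ' this filter also silently alters legitimate input such as names with
    ' apostrophes.
    '
    ' NOTE(review): the literal on the page was damaged in extraction
    ' ("Chr (+)", stray spaces, an unbalanced quote and an empty list entry, so it
    ' did not parse). Chr(34) (the double quote) and the "\" entry below are a
    ' reconstruction - confirm against the original source.
    Dim strBadChar, arrBadChar, tempChar, previousPass, i

    If IsNull(Strchar) Then R = "": Exit Function
    If Strchar = "" Then R = "": Exit Function

    strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0)
    arrBadChar = Split(strBadChar, ",")
    tempChar = Strchar

    ' Removing one token can join its neighbours into another listed token, so
    ' repeat the sweep until a full pass changes nothing. Each changing pass
    ' shortens the string, so the loop always terminates.
    Do
        previousPass = tempChar
        For i = 0 To UBound(arrBadChar)
            ' Skip empty entries: Replace with an empty search string is a no-op.
            If Len(arrBadChar(i)) > 0 Then
                tempChar = Replace(tempChar, arrBadChar(i), "")
            End If
        Next
    Loop Until tempChar = previousPass

    tempChar = Replace(tempChar, "@@", "@")
    R = tempChar
End Function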
' Filter XSS
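Function CHECKXSS (ByVal strcode)
    ' Purpose: reduce user-supplied HTML to a small set of allowed tags
    '          (a, li, br, b, font and their closing forms) and escape every
    '          other angle bracket.
    ' Parameter: strcode - the markup to filter; Null or "" yields "".
    ' Returns:   the filtered markup.
    '
    ' Steps: (1) drop any tag that mentions "style"; (2) park allowed tags as
    ' [tag] placeholders; (3) entity-escape all remaining "<" and ">";
    ' (4) turn the placeholders back into tags; (5) drop any restored tag that
    ' carries one of the listed on* event attributes.
    '
    ' Security note: this is a regex allow/deny filter, not an HTML sanitizer.
    ' Attributes of the allowed <a ...> and <font ...> tags are restored as
    ' written and only the event names listed in step 5 are checked, so other
    ' attributes and link targets are not validated here. Where markup is not
    ' required, encode the whole value with Server.HTMLEncode on output instead.
    '
    ' NOTE(review): the listing on the page was damaged in extraction: the
    ' leading "<" of two patterns, the backslashes before "[" and "]", the "1"
    ' of the "$1" backreference and the "&lt;" / "&gt;" entities were lost
    ' (step 3 replaced "<" with "<", a no-op), and spaces were inserted into the
    ' patterns. The patterns below are a reconstruction - confirm against the
    ' original source. The page's ".>" tail only matched when exactly one
    ' character followed the keyword; "[^>]*>" is used so the rest of the tag is
    ' consumed.
    Dim re

    If IsNull(strcode) Then CHECKXSS = "": Exit Function
    If Len(strcode) = 0 Then CHECKXSS = "": Exit Function

    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True

    ' (1) Remove whole tags that contain "style".
    re.Pattern = "<.[^>]*(style)[^>]*>"
    strcode = re.Replace(strcode, "")

    ' (2) Park the allowed tags so step 3 does not escape them.
    re.Pattern = "<(a.[^>]*|/a|li|br|b|/li|/b|font.[^>]*|/font)>"
    strcode = re.Replace(strcode, "[$1]")

    ' (3) Everything still using angle brackets is rendered as text.
    strcode = Replace(Replace(strcode, "<", "&lt;"), ">", "&gt;")

    ' (4) Restore the parked tags.
    re.Pattern = "\[(a.[^\]]*|/a|li|br|b|/li|/b|font.[^\]]*|/font)\]"
    strcode = re.Replace(strcode, "<$1>")

    ' (5) Remove restored tags that carry a listed event-handler attribute.
    re.Pattern = "<.[^>]*(on(load|click|dbclick|mouseover|mouseout|mousedown|mouseup|mousewheel|keydown|submit|change|focus))[^>]*>"
    strcode = re.Replace(strcode, "")

    Set re = Nothing
    CHECKXSS = strcode
End Function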
SQL injection prevention, method two: filtering illegal characters
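Function Filterids (ByVal strids)
    ' Purpose: keep only the numeric entries of a comma-separated ID list.
    ' Parameter: strids - text such as "1,2,3" taken from a request.
    ' Returns:   the accepted IDs joined with "," and no leading comma; nothing
    '            is assigned (the result stays Empty) when the input is Null or
    '            blank or no entry is accepted.
    '
    ' Each entry is accepted when chkclng(entry) is non-zero and is then appended
    ' as Int(entry), so accepted entries are written back as numbers rather than
    ' as the caller's raw text.
    ' NOTE(review): chkclng is defined elsewhere; it presumably returns 0 for
    ' anything that is not a valid long - confirm, because this filter is only as
    ' strict as that helper. An ID of 0 is always dropped.
    ' Callers should handle an empty result before building an IN (...) list, and
    ' should still prefer bound parameters over concatenating the returned text.
    '
    ' Fix: the page's test "chkclng (Trim (Arrids (i)) <>0" had unbalanced
    ' parentheses and did not parse.
    Dim arrIds, i, strReturn, candidate

    If IsNull(strids) Then Exit Function
    strids = Trim(strids)
    If Len(strids) = 0 Then Exit Function

    arrIds = Split(strids, ",")
    For i = 0 To UBound(arrIds)
        candidate = Trim(arrIds(i))
        If chkclng(candidate) <> 0 Then
            strReturn = strReturn & "," & Int(candidate)
        End If
    Next

    ' Drop the separator that precedes the first accepted ID.
    If Left(strReturn, 1) = "," Then strReturn = Right(strReturn, Len(strReturn) - 1)
    Filterids = strReturn
End Function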
Filtering characters used in SQL injection
' **************************************************
' Function name: R
' function: Filtering illegal SQL characters
' parameter: Strchar-----characters to filter
' return value: Filtered character
' **************************************************
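Public Function R (Strchar)
    ' Filters illegal SQL characters out of Strchar.
    ' Parameter: Strchar - the string to filter; "" or Null yields "".
    ' Returns:   the string with every token of the list below removed and
    '            "@@" collapsed to "@".
    '
    ' Security note: a character denylist does not make concatenated SQL safe on
    ' its own and it changes legitimate input (apostrophes, slashes, ampersands).
    ' Bind request values as parameters of an ADODB.Command and treat this
    ' function as an additional screen, not as the primary defence.
    '
    ' NOTE(review): the list literal on the page did not parse ("Chr (+)",
    ' inserted spaces, an unbalanced quote, a missing "\" entry). Chr(34) (the
    ' double quote) and "\" are assumed here - confirm against the original.
    Dim strBadChar, arrBadChar, tempChar, beforeSweep, i

    If IsNull(Strchar) Then
        R = ""
        Exit Function
    End If
    If Strchar = "" Then
        R = ""
        Exit Function
    End If

    strBadChar = "+,',--,%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0)
    arrBadChar = Split(strBadChar, ",")
    tempChar = Strchar

    ' A single sweep can leave a listed token behind when a later removal joins
    ' two fragments, so sweep until the text stops changing. Every changing
    ' sweep shortens the text, which bounds the loop.
    Do
        beforeSweep = tempChar
        For i = 0 To UBound(arrBadChar)
            ' An empty search string makes Replace a no-op; skip such entries.
            If Len(arrBadChar(i)) > 0 Then
                tempChar = Replace(tempChar, arrBadChar(i), "")
            End If
        Next
    Loop Until tempChar = beforeSweep

    tempChar = Replace(tempChar, "@@", "@")
    R = tempChar
End Function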
SQL injection prevention, method four
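Function Checksql ()
    ' Purpose: screen the current request and stop the response when any
    '          query-string or form value contains one of the listed tokens.
    ' Parameters: none; reads Request.QueryString and Request.Form.
    ' Returns:   nothing. On a match it writes a script block that shows an
    '            alert and navigates back, then calls Response.End.
    '
    ' Security note: this is a coarse keyword screen. It matches substrings, so
    ' ordinary words that contain "and", "update", "count" and similar are
    ' rejected too, and it inspects only the query string and form values; other
    ' request inputs such as cookies are not checked here. It does not replace
    ' bound parameters (ADODB.Command) in the data-access code.
    '
    ' Fixes relative to the listing on the page:
    '  - InStr defaulted to a case-sensitive comparison, so only lower-case
    '    spellings of the keywords were detected; vbTextCompare is now used.
    '  - Loop variables and the token array are declared locally.
    '  - The token list and the response script were damaged in extraction
    '    (spaces inside tokens, a stray word in the language attribute, a
    '    misplaced quote in the first alert, "History" capitalised). They are
    '    reconstructed below - NOTE(review): confirm against the original.
    Const BLOCK_PAGE = "<script language='JavaScript'>{alert('Do not include illegal characters in Parameters!');history.back(-1)}</script>"
    Dim sqlInjData, sqlInj, fieldName, tokenIndex

    sqlInjData = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    sqlInj = Split(sqlInjData, "|")

    ' Query-string values.
    If Request.QueryString <> "" Then
        For Each fieldName In Request.QueryString
            For tokenIndex = 0 To UBound(sqlInj)
                If InStr(1, Request.QueryString(fieldName), sqlInj(tokenIndex), vbTextCompare) > 0 Then
                    Response.Write BLOCK_PAGE
                    Response.End
                End If
            Next
        Next
    End If

    ' Posted form values.
    If Request.Form <> "" Then
        For Each fieldName In Request.Form
            For tokenIndex = 0 To UBound(sqlInj)
                If InStr(1, Request.Form(fieldName), sqlInj(tokenIndex), vbTextCompare) > 0 Then
                    Response.Write BLOCK_PAGE
                    Response.End
                End If
            Next
        Next
    End If
End Function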