Posted By

elightbo on 02/20/07

Tagged

sql ASP

Versions (?)

Who likes this?

4 people have marked this snippet as a favorite

OPTICnerd
nelda751
ckayra
asifrizvigmailcom

asp replace characters for sql statements

/ Published in: ASP

functions for removing sql injection problems

Expand | Embed | Plain Text

function stripQuotes(strWords)
stripQuotes = replace(strWords, "'", "''")
end function 
 
function killChars(strWords) 
 
dim badChars 
dim newChars 
 
badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_") 
//badChars = array("%20","%"," ","#","+","(",")","&","$","@","!","*","<",">","?","/","|","\",",","-",":")
newChars = strWords 
 
for i = 0 to uBound(badChars) 
newChars = replace(newChars, badChars(i), "") 
next 
 
killChars = newChars 
 
end function

Report this snippet Tweet

Comment:

You need to login to post a comment.

Posted By

Tagged

Versions (?)

Who likes this?

asp replace characters for sql statements

Related snippets

Choose a language for easy browsing: