Posted By

elightbo on 02/20/07


Tagged

sql ASP



asp replace characters for sql statements


 / Published in: ASP
 

Functions for removing SQL injection problems

    ' Doubles single quotes so the value cannot close a quoted SQL string literal.
    function stripQuotes(strWords)
        stripQuotes = replace(strWords, "'", "''")
    end function

    ' Removes each listed keyword or token from the input.
    ' replace() is case-sensitive by default and makes a single pass per entry.
    function killChars(strWords)

        dim badChars
        dim newChars
        dim i

        badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_")
        ' Alternative character list, left disabled:
        ' badChars = array("%20","%"," ","#","+","(",")","&","$","@","!","*","<",">","?","/","|","\",",","-",":")
        newChars = strWords

        for i = 0 to uBound(badChars)
            newChars = replace(newChars, badChars(i), "")
        next

        killChars = newChars

    end function
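
The following is an added example, not part of the original snippet: the same user-supplied value bound as an ADODB.Command parameter, so it never becomes part of the SQL text and does not need to be rewritten. The `users` table, its columns, the `username` form field and the DSN name are assumptions made for illustration.

```vbscript
' Added example: parameterized lookup in classic ASP (VBScript) using ADODB.Command.
' Assumed names: table "users" (columns id, username), form field "username", DSN "ExampleDsn".
Const adCmdText = 1      ' CommandTypeEnum
Const adParamInput = 1   ' ParameterDirectionEnum
Const adVarWChar = 202   ' DataTypeEnum: Unicode variable-length string
Const MAX_NAME_LEN = 50

' Returns a recordset, or Nothing when the input fails validation.
function findUserByName(conn, userName)
    dim cmd
    set findUserByName = nothing

    ' Validate shape first: reject empty or over-long values instead of rewriting them.
    if len(userName) = 0 or len(userName) > MAX_NAME_LEN then exit function

    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder keeps the value out of the SQL text entirely.
    cmd.CommandText = "SELECT id, username FROM users WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("username", adVarWChar, adParamInput, MAX_NAME_LEN, userName)

    set findUserByName = cmd.Execute
end function

dim conn, rs
set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DSN=ExampleDsn"   ' placeholder connection string
set rs = findUserByName(conn, CStr(Request.Form("username")))

if rs is nothing then
    Response.Write "Invalid name"
elseif rs.EOF then
    Response.Write "No such user"
else
    ' Encode on output; stored data is kept exactly as the user entered it.
    Response.Write Server.HTMLEncode(rs("username"))
end if

if not rs is nothing then rs.Close
conn.Close
```

With a bound parameter, a value such as O'Brien is stored and matched verbatim, with no quote doubling or keyword stripping applied to it.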
