In fact, SQL injection is not a mysterious class of bug. Once you understand the principle, which is that untrusted input is being pasted into a SQL statement and then parsed as part of it, and you are patient and careful about every place where that happens, you can prevent it.
Below are four VBScript functions for classic ASP that cover the usual parameter types: integers, currency values, strings placed inside quoted SQL literals, and text echoed back into HTML. If you understand what each one does, you will also understand why it works. One caveat: killw strips quotes rather than escaping them, which is a blacklist filter, so wherever the database driver supports it, prefer parameterized queries (ADODB.Command with Parameters) and treat these filters as a second layer.
Remember to filter every Request collection, not only Request.QueryString and Request.Form: Request.Cookies, Request.ServerVariables (for example HTTP_REFERER and HTTP_USER_AGENT, which are plain client-supplied headers) and other easily overlooked sources are attacker controlled too.
The code is as follows:
function killn(byval s1) 'Filter numeric parameters: returns a Long in 0..2147483647, or 0 if the input is not acceptable
    dim d
    if not isnumeric(s1) then
        killn=0
    else
        ' Convert before comparing: in VBScript a String variant compared with a number
        ' is always treated as greater than the number, so testing s1 itself against
        ' 0 and 2147483647 would not be a numeric range check at all.
        d=cdbl(s1)
        if d<0 or d>2147483647 then
            killn=0
        else
            killn=clng(d)
        end if
    end if
end function
function killc(byval s1) 'Filter currency parameters: returns the amount formatted with two decimals, or 0
    if not isnumeric(s1) then
        killc=0
    else
        ' FormatNumber(value, 2 decimals, leading digit on, no parentheses for negatives, no digit grouping)
        ' The result is a string and its decimal separator follows the server locale.
        killc=formatnumber(s1,2,-1,0,0)
    end if
end function
function killw(byval s1) 'Filter character parameters: strips single quotes so the value cannot break out of a quoted SQL literal
    ' Only meaningful for values that are placed inside '...' in the SQL text;
    ' a numeric column must use killn, since "1 or 1=1" contains no quote to strip.
    if len(s1)=0 then
        killw=""
    else
        killw=trim(replace(s1,"'",""))
    end if
end function
function killbad(byval s1) 'Encode all dangerous characters for HTML output, which also defuses cross-site scripting
    if len(s1)=0 then
        killbad=""
    else
        s1=trim(s1)
        ' & must be encoded first; otherwise the entities added below would be encoded a second time
        s1=replace(s1,"&","&amp;")
        s1=replace(s1,"<","&lt;")
        s1=replace(s1,">","&gt;")
        s1=replace(s1,chr(34),"&quot;")
        s1=replace(s1,chr(39),"&#39;")
        s1=replace(s1,chr(32),"&nbsp;")
        s1=replace(s1,chr(13),"")
        s1=replace(s1,chr(10),"<br>")   ' line breaks become <br>, inserted only after < and > were encoded
        killbad=s1
    end if
end function
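The following classic ASP page shows how the four functions are used at the point where request values reach SQL, and the parameterized ADODB.Command alternative that does not rely on filtering at all. It is an added example, not code from the original article. The include file name sqlfilter.asp, the table news with columns id, title and price, and Application("connstr") are hypothetical; the numeric ADO constants are written literally because an ASP page does not have adInteger and friends unless adovbs.inc or the ADO type library is referenced.

```vbscript
<!--#include file="sqlfilter.asp"-->
<%
' Added example (not from the original article).
' Assumed: sqlfilter.asp defines killn/killc/killw/killbad; table "news"
' has columns id, title, price; Application("connstr") holds the connection string.
Dim id, kw, price, conn, rs, sql, cmd

' Every Request collection is untrusted, not only QueryString and Form.
id    = killn(Request.QueryString("id"))    ' "1 or 1=1"    -> 0 (not numeric)
kw    = killw(Request.Form("keyword"))      ' "' or '1'='1" -> "or 1=1" (harmless inside quotes)
price = killc(Request.Cookies("maxprice"))  ' "10.5; drop table news" -> 0

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("connstr")

' 1) Filtered concatenation. Safe only if every value went through the
'    filter that matches its SQL context: killn for numeric columns,
'    killw for values inside single quotes.
sql = "SELECT id, title FROM news WHERE id = " & id & _
      " AND title LIKE '%" & kw & "%' AND price <= " & price
Set rs = conn.Execute(sql)
rs.Close

' 2) Parameterized query. The values travel as typed parameters, so quotes
'    or SQL keywords inside them are data, never part of the statement.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = 1   ' adCmdText
cmd.CommandText = "SELECT id, title FROM news WHERE id = ? AND title LIKE ? AND price <= ?"
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, 0, id)                    ' adInteger, adParamInput
cmd.Parameters.Append cmd.CreateParameter("kw", 200, 1, 255, "%" & kw & "%")    ' adVarChar
cmd.Parameters.Append cmd.CreateParameter("price", 6, 1, 0, CCur(price))        ' adCurrency
Set rs = cmd.Execute

Do While Not rs.EOF
    ' Encode on the way out as well: data read back from the database is
    ' still untrusted when it is written into HTML.
    Response.Write killbad(rs("title")) & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

With the parameterized form the filters become defence in depth rather than the only barrier: the driver binds id as an integer and kw as a string, so a payload such as `' or '1'='1` simply matches no title, and killbad still protects the HTML output from stored cross-site scripting.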