In fact, SQL injection vulnerabilities are not that frightening. If you understand the principles and are patient and careful, you can prevent them completely! The 4 functions below are enough to resist all SQL injection vulnerabilities. If you can read the code, you will understand how they work.
Take care to filter every request object, including Request.Cookies, Request.ServerVariables and other easily overlooked objects.
The code is as follows:
function killn(byval s1) 'Filter numeric parameters
    if not isnumeric(s1) then
        killn = 0
    else
        if s1 < 0 or s1 > 2147483647 then
            killn = 0
        else
            killn = clng(s1)
        end if
    end if
end function

function killc(byval s1) 'Filter currency parameters
    if not isnumeric(s1) then
        killc = 0
    else
        'Two decimal places, leading digit, no parentheses, no digit grouping
        killc = formatnumber(s1, 2, -1, 0, 0)
    end if
end function

function killw(byval s1) 'Filter character parameters
    if len(s1) = 0 then
        killw = ""
    else
        'Remove single quotes, then trim surrounding spaces
        killw = trim(replace(s1, "'", ""))
    end if
end function

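function killbad(byval s1) 'Filter all dangerous characters, including cross-site scripting
    if len(s1) = 0 then
        killbad = ""
    else
        'The innermost replace runs first: escape & before creating entities,
        'and insert <br> last so it is not escaped by the "<" replacement
        killbad = trim(replace(replace(replace(replace(replace(replace(replace(replace(s1, _
            "&", "&amp;"), Chr(34), "&quot;"), ">", "&gt;"), "<", "&lt;"), _
            Chr(39), "&#39;"), Chr(32), "&nbsp;"), Chr(13), ""), Chr(10), "<br>"))
    end if
end function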
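
The advice above about filtering every request collection, shown as an added example that is not part of the original page. It assumes the four functions are saved in a hypothetical include file `filters.asp`; the table and column names are made up.

```asp
<!--#include file="filters.asp"-->
<%
' Added example. filters.asp is a hypothetical include holding killn, killc,
' killw and killbad; the table and column names are made up.
Dim id, price, owner, agent, sqlFind, sqlLog

' FormatNumber (used by killc) follows the session locale; 1033 (en-US)
' keeps "." as the decimal separator so the value is valid inside SQL.
Session.LCID = 1033

' Pick the filter by the type the query expects, for every collection.
id    = killn(Request.QueryString("id"))                  ' integer, 0 if invalid
price = killc(Request.Form("price"))                      ' number with 2 decimals
owner = killw(Request.Cookies("owner"))                   ' cookies are client-supplied
agent = killw(Request.ServerVariables("HTTP_USER_AGENT")) ' so are request headers

' Numeric values go in unquoted; killw output is only safe between single quotes.
sqlFind = "SELECT title FROM orders WHERE id=" & id & _
          " AND price<=" & price & " AND owner='" & owner & "'"
sqlLog  = "INSERT INTO visits (owner, agent) VALUES ('" & owner & "','" & agent & "')"

' killbad is for output: encode anything echoed back into the page.
Response.Write "<p>" & killbad(sqlFind) & "</p>"
Response.Write "<p>" & killbad(sqlLog) & "</p>"
Response.Write "<p>Hello, " & killbad(Request.Cookies("owner")) & "</p>"
%>
```

The page prints the two statements instead of executing them, so the effect of each filter on a crafted query string, form field, cookie or header can be inspected without a database.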