
Make form input safe from SQL Injection

  • Add the following function to a global include file (or the header page) so that every form handler can call it:

<%
' Blacklist filter: removes a fixed list of SQL keywords and punctuation
' from the supplied text. Anything not in the list passes through, and
' legitimate text containing these tokens is altered, so treat this as
' defence in depth only; the database call itself should use parameters.
Function clean(inputtext)
    dim badChars, i
    clean = inputtext
    badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_", "=", "'", ":")
    for i = 0 to uBound(badChars)
        ' vbTextCompare makes the match case-insensitive; the default
        ' binary compare would leave "SELECT" or "Drop" untouched.
        clean = Replace(clean, badChars(i), "", 1, -1, vbTextCompare)
    next
end Function
%>

  • The following code calls the function on a fixed test string and prints the text before and after filtering:

<%
' Demo: run the filter over a fixed string and show before/after.
RawText = "asdasd--ad;ddelete=,qw:"
CleanText = clean(RawText)
Response.Write(RawText & "<br>" & CleanText)
%>

  • The second line of output, asdasdad,qw, contains none of the blacklisted tokens. Keep in mind what this does and does not achieve: it is a blacklist, so it only removes the listed tokens. Keywords such as OR, UNION and LIKE are not on the list; stripping tokens one after another can even reassemble one ("sel;ect" becomes "select" once the semicolon is removed, and "select" has already been processed); and legitimate input is damaged (an apostrophe in a surname, a colon in a time). The reliable fix is to pass user values to the database as parameters of a prepared statement (ADO Command parameters in classic ASP) instead of concatenating them into the query text.
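The following is an added example, not code from the original post. It ports the page's clean() function to Python, runs it in front of an in-memory SQLite database built from constructed sample data (the users and secrets tables are invented for the demo), and shows a legitimate value the filter mangles, two payloads it lets through when the result is concatenated into a query, and the parameterized query that neutralises the same payloads.

```python
"""Added example: why a blacklist filter is not an injection defence.

Ports the ASP clean() from the page to Python and exercises it against an
in-memory SQLite database. Sample data is constructed for this demo.
"""
import sqlite3

# The blacklist exactly as it appears on the page, in the same order.
BAD_TOKENS = ["select", "drop", ";", "--", "insert", "delete", "xp_", "=", "'", ":"]


def clean(text: str) -> str:
    """Port of the page's clean(): delete each blacklisted token in list order.

    Like VBScript Replace with its default binary comparison, this is
    case-sensitive, so "SELECT" survives untouched.
    """
    for token in BAD_TOKENS:
        text = text.replace(token, "")
    return text


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: a users table and a secrets table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, secret TEXT);
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO secrets VALUES (1, 'db-password-hunter2');
        """
    )
    return conn


def lookup_concat(conn: sqlite3.Connection, user_input: str) -> list:
    """The pattern the page's filter is meant to protect: clean(), then
    concatenate the result into the SQL text. The value is parsed as SQL."""
    sql = "SELECT name FROM users WHERE id = " + clean(user_input)
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, user_input: str) -> list:
    """The real fix: the value is bound as data and never parsed as SQL.
    No filtering is needed; a non-numeric value simply matches no row."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_input,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    # False positives: legitimate input is altered.
    print(clean("O'Brien"), "|", clean("selection"))
    # Reassembly: removing ";" after "select" was checked rebuilds the keyword.
    print(clean("sel;ect"))
    # Bypasses through the concatenating lookup.
    print(lookup_concat(conn, "1 OR 1"))
    print(lookup_concat(conn, "1 UNION sel;ect secret FROM secrets"))
    # Same payloads against the parameterized lookup.
    print(lookup_param(conn, "1 OR 1"))
    print(lookup_param(conn, "1 UNION sel;ect secret FROM secrets"))
```

The numeric id is the simplest case for a blacklist to fail on: no quote is needed, so stripping the apostrophe achieves nothing, and OR and UNION are not on the list at all. In the parameterized version the driver sends the query and the value separately, so the text "1 OR 1" is compared with the id column as a string and matches nothing; validating that the id is an integer before the call would reject it earlier still.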
