«

»

Nov 24

Print this Post

SQL Injection Cleaner Function (clnSql)

Removes semicolon from string, replaces with colon. Removes single quote and replaces with double-single quote which is stored properly. Calls formatSqlDate() which properly formats dates for SQL.

function clnSQL(inData)
	if isnull(inData) then
		clnSQL = ""
	elseif inData = "" then
		clnSQL = ""
	elseif isDate(inData) then
		clnSQL = formatSqlDate(inData,inData)
	else
		clnSql = replace(inData,"'","''")
	end if
	clnSql = safeQuery(clnSql)
end function

Permanent link to this article: https://www1.wperry.net/code/clnsql/

Leave a Reply

Your email address will not be published. Required fields are marked *