Home/ Questions/Q 6473357
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T06:27:25+00:00

New to web development and taking over someones code. They have a function to

  • 0

New to web development and taking over someones code. They have a function to prevent sql injection, for SQL Server database

function safe(val, maxsize)
   dim i,
   terms = array(
      "cast",
      "select",
      "varchar",
      "declare",
      "drop",
      ";",
      "--",
      "insert",
      "delete",
      "xp_"
   )
   val = left(val,maxsize)
   val = trim(val)
   for i = 0 to ubound(terms)
      val = replace(val, terms(i), "e_" & val & "_e", vbTextCompare)
   next
   val = replace(val, "'", "''")
   makesafe = val
end function

Hesitant to touch this, but is this missing anything? Seems occasionally they get hacked

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    following article should help :

    http://tugberkugurlu.com/archive/sql-injection-vs-lethal-injection-protection-against-sql-injection

    It is not good idea to go down this path with string.Replace

    • 0