|
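Prevenire SQL injection. Funzione utile per prevenire attacchi di SQL injection quando un valore ricevuto dall'utente viene concatenato in una query: raddoppia gli apici e neutralizza i caratteri jolly di LIKE. Dove il driver lo consente, le query parametrizzate restano la difesa più solida.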
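' Escapes a value so it can be embedded in a single-quoted SQL LIKE pattern.
'
' Each special character is rewritten exactly once:
'   '  becomes ''   (closes the string literal otherwise)
'   %  _  #  [  ]   are wrapped in brackets so LIKE treats them as literals
'
' stringa: the raw value (for example a Request.Form item); Null or Empty
'          yields an empty string. The caller's variable is not modified.
' Returns: the escaped string.
'
' The original listing ran one Replace per character in sequence, so the
' brackets inserted for "%" were escaped again by the later "[" and "]"
' passes ("%" ended up as "[[]%[]]"), and its Replace calls were missing the
' comma after the first argument. A single pass over the input avoids both.
'
' NOTE(review): the bracket escapes are LIKE syntax; in an "=" comparison
' they are compared literally and only the quote doubling is relevant.
' NOTE(review): "#" is a wildcard in Access/Jet LIKE patterns; confirm which
' engine this targets, and whether "[]]" is needed there, since a lone "]"
' is usually already literal.
Function FiltraStringaSql(stringa)
    Dim testo, risultato, i, carattere

    ' Replace() and Len() raise on Null, so normalise the input first.
    If IsNull(stringa) Then
        testo = ""
    Else
        testo = CStr(stringa)
    End If

    risultato = ""
    For i = 1 To Len(testo)
        carattere = Mid(testo, i, 1)
        Select Case carattere
            Case "'"
                ' Double the delimiter so the value cannot end the literal.
                risultato = risultato & "''"
            Case "%", "_", "#", "[", "]"
                ' A one-character bracket class matches that character only.
                risultato = risultato & "[" & carattere & "]"
            Case Else
                risultato = risultato & carattere
        End Select
    Next

    FiltraStringaSql = risultato
End Function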
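' The value is compared with "=", so only the string delimiter has to be
' escaped here. The bracket escapes produced by FiltraStringaSql are LIKE
' pattern syntax: under "=" they are compared literally, so a submitted
' "a_b" would be searched as "a[_]b" and never match. Use FiltraStringaSql
' when the value is placed inside a LIKE pattern instead.
' Manual escaping is a fallback: binding the value through ADODB.Command
' with CreateParameter keeps user input out of the SQL text altogether.
SQL = "SELECT * FROM tabella WHERE campo1 = '" & Replace(Request.Form("campo1"), "'", "''") & "'"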
|
|