This article gives four functions, which are enough for you to resist all SQL injection vulnerabilities! Once you understand the code, you can integrate it into your own code.
Note that all Request objects must be filtered, including Request.Cookies, Request.ServerVariables, etc.
The code is as follows:
Function killn(ByVal s1) ' Filter numerical parameters
    If Not IsNumeric(s1) Then
        killn = 0
    Else
        ' Accept only values that fit a non-negative Long
        If s1 < 0 Or s1 > 2147483647 Then
            killn = 0
        Else
            killn = CLng(s1)
        End If
    End If
End Function
Function killc(ByVal s1) ' Filter currency parameters
    If Not IsNumeric(s1) Then
        killc = 0
    Else
        ' Two decimals, leading digit, no parentheses for negatives, no digit grouping
        killc = FormatNumber(s1, 2, -1, 0, 0)
    End If
End Function
Function killw(ByVal s1) ' Filter character parameters
    If Len(s1) = 0 Then
        killw = ""
    Else
        ' Remove single quotes so the value cannot close a quoted SQL string
        killw = Trim(Replace(s1, "'", ""))
    End If
End Function
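Function killbad(ByVal s1) ' Filter all dangerous characters, including cross-site scripting
    If Len(s1) = 0 Then
        killbad = ""
    Else
        ' Escape & first so the entities added below are not escaped again; add <br> last.
        ' Space -> &nbsp; is assumed: the replacement string did not survive on the page.
        s1 = Replace(s1, "&", "&amp;")
        s1 = Replace(Replace(s1, "<", "&lt;"), ">", "&gt;")
        s1 = Replace(Replace(s1, Chr(34), "&quot;"), Chr(39), "&#39;")
        s1 = Replace(Replace(s1, Chr(13), ""), Chr(10), "<br>")
        killbad = Trim(Replace(s1, Chr(32), "&nbsp;"))
    End If
End Function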
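
An added example, not part of the original article: a Windows Script Host script showing that the filter has to match the SQL slot the value lands in. It repeats compact copies of killn and killw so it runs on its own; SqlValue, the articles and hits tables, and the request values are hypothetical and constructed for the demonstration.

```vbscript
' Added example, not the article's code. Run: cscript //nologo filters_demo.vbs
Option Explicit

' Compact copies of the article's numeric and character filters.
Function killn(ByVal s1)
    killn = 0
    If IsNumeric(s1) Then
        If s1 >= 0 And s1 <= 2147483647 Then killn = CLng(s1)
    End If
End Function

Function killw(ByVal s1)
    killw = Trim(Replace(s1, "'", ""))
End Function

' Hypothetical helper: pick the filter from the SQL slot the value lands in.
' A number slot is unquoted, so only killn is safe there; a text slot is
' wrapped in quotes here so killw's quote removal keeps the value inside them.
Function SqlValue(ByVal raw, ByVal slot)
    Select Case slot
        Case "number"
            SqlValue = killn(raw)
        Case "text"
            SqlValue = "'" & killw(raw) & "'"
        Case Else
            Err.Raise 5, "SqlValue", "unknown slot: " & slot
    End Select
End Function

' Constructed test values standing in for Request.QueryString, Request.Cookies
' and Request.ServerVariables; all of them come from the client.
Dim req
Set req = CreateObject("Scripting.Dictionary")
req.Add "id", "7 OR 1=1"
req.Add "user", "o'brien' OR 'a'='a"
req.Add "HTTP_USER_AGENT", "x'; --"

Const SQL_HEAD = "SELECT title FROM articles WHERE "

' Wrong filter for the slot: there is no quote to strip, so the text passes through.
WScript.Echo SQL_HEAD & "id = " & killw(req("id"))
' Right filter for each slot.
WScript.Echo SQL_HEAD & "id = " & SqlValue(req("id"), "number")
WScript.Echo SQL_HEAD & "owner = " & SqlValue(req("user"), "text")
WScript.Echo "INSERT INTO hits (agent) VALUES (" & SqlValue(req("HTTP_USER_AGENT"), "text") & ")"
```

The first line printed is the failure case: killw only strips quotes, so a quote-free value reaches an unquoted numeric slot unchanged, while killn reduces the same value to 0.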