Tutorial: VBScript SQL sanitization



Question:

Wary of Jeff Atwood's "Bathroom Wall of Code" post, I thought it would be useful to have a trustworthy SQL sanitisation function for VBScript, similar to PHP's mysql_real_escape_string() function.

So, how can I properly sanitise data input into a SQL query using VBScript?


Solution:1

Don't do it. Use parameterized queries instead.
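
Added example (not part of the original answer): a parameterized query from VBScript using ADODB.Command, where the SQL text stays constant and the input is bound as a typed value. The connection string, the Users table and its columns, and the FindUsers helper are assumptions made for illustration.

```vbscript
Option Explicit

' ADO enum values, declared by hand because VBScript does not load
' the ADO type library.
Const adCmdText    = 1
Const adParamInput = 1
Const adInteger    = 3
Const adVarWChar   = 202

' Assumption: placeholder connection string, table and column names.
Const CONN_STRING = "Provider=SQLOLEDB;Data Source=DBHOST;Initial Catalog=AppDb;Integrated Security=SSPI;"

' Hypothetical helper: returns a recordset of users matching lastName
' who are at least minAge years old.
Function FindUsers(conn, lastName, minAge)
    Dim cmd
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' The SQL text never contains user input; ? markers are positional.
    cmd.CommandText = "SELECT UserId, LastName, Age FROM Users " & _
                      "WHERE LastName = ? AND Age >= ?"

    ' Parameters are appended in the same order as the ? markers.
    ' The size limit (50) makes ADO reject over-long strings, and CLng
    ' raises a type mismatch on non-numeric input.
    cmd.Parameters.Append cmd.CreateParameter("@lastName", adVarWChar, adParamInput, 50, lastName)
    cmd.Parameters.Append cmd.CreateParameter("@minAge", adInteger, adParamInput, , CLng(minAge))

    Set FindUsers = cmd.Execute
End Function

Dim conn, rs, untrusted
Set conn = CreateObject("ADODB.Connection")
conn.Open CONN_STRING

' Constructed sample input containing SQL metacharacters. It is sent
' to the server as data, so it can only be compared against LastName.
untrusted = "O'Brien'; DROP TABLE Users; --"
Set rs = FindUsers(conn, untrusted, "18")
Do Until rs.EOF
    WScript.Echo rs("UserId") & vbTab & rs("LastName")
    rs.MoveNext
Loop
rs.Close
conn.Close
```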


Solution:2

Alternatively, use the Escape function as below

wscript.echo Escape(chrw(1023) & vbtab & vbnewline & " ")  

which gives

%u03FF%09%0D%0A%20  

The reverse is UnEscape().

