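' Screens a user-supplied string against a deny-list of SQL metacharacters
' and keywords before the caller uses it in a query.
'
' Parameters:
'   lstr - the raw value to screen.
' Returns:
'   lstr unchanged when no listed token occurs in it, otherwise the sentinel
'   string "DONOTUSEIT". The caller must compare the result with the sentinel;
'   nothing in this function stops a query from being run.
' Side effects:
'   On a match, one row (timestamp, REMOTE_ADDR, 'SQLINJ', the offending
'   value) is written to AccesLogs through execSqlQuery.
'
' NOTE(security): a deny-list is a secondary control, not a fix. It rejects
' legitimate input (any value containing "'", "@", ";" or "=", e.g. e-mail
' addresses and names with apostrophes) and cannot enumerate every dangerous
' spelling. Queries that take user input should bind it as parameters
' (ADODB.Command with CreateParameter) instead of concatenating strings; keep
' this check only as defence in depth and as an alerting hook.
Public Function preventSQLInjection(lstr)
    Dim denyList, token, probe

    denyList = Array("--", ";", "'", "/*", "*/", "@@", "@", _
                     "alter ", "begin ", "create ", "cursor ", _
                     "declare ", "delete ", "drop ", " end", "exec ", _
                     "execute ", "fetch ", "insert ", "kill ", "open ", _
                     "select ", "sysobjects", "syscolumns", _
                     "table ", "update ", "=")

    preventSQLInjection = lstr

    ' A Null value has nothing to scan (and Replace would raise on it);
    ' it is handed back as-is, as before.
    If IsNull(lstr) Then Exit Function

    ' The keyword entries end (or start) with a space, so scan a copy in which
    ' tabs and line breaks are folded to spaces. The value returned to the
    ' caller is never modified.
    probe = Replace(Replace(Replace(lstr, vbTab, " "), vbCr, " "), vbLf, " ")

    For Each token In denyList
        ' vbTextCompare: the default binary comparison is case-sensitive, so
        ' "SELECT " or "Drop " would not match the lower-case entries.
        If InStr(1, probe, token, vbTextCompare) <> 0 Then
            ' NOTE(review): this INSERT is itself built by concatenation and
            ' relies on quote doubling alone to neutralise lstr. If the data
            ' layer offers a parameterized call, use it here as well.
            execSqlQuery "INSERT INTO AccesLogs (datetime,ip,action,comments) VALUES ('" & _
                formatDate(date) & " " & formatTime(time) & "','" & _
                request.ServerVariables("REMOTE_ADDR") & "','SQLINJ','" & _
                Replace(lstr, "'", "''") & "')", connectionstring
            preventSQLInjection = "DONOTUSEIT"
            Exit For
        End If
    Next
End Function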