Hola
Una función para eliminar todo aquello con lo que se puede atacar a tu bd
Código asp:
Ver originalDim str
Public Function Limpiar(strlimpiar,modolimpiar)
'modolimpiar = 0 Prepara strlimpiar para un login y evita sql injection
str = trim(strlimpiar)
Select Case modolimpiar
Case 0:
str = lcase(str)
str = replace(str," "," ")
str = replace(str,"=","")
str = replace(str,"'","")
str = replace(str,"""""","")
str = replace(str," or ","")
str = replace(str," and ","")
str = replace(str,"(","")
str = replace(str,")","")
str = replace(str,"<","[")
str = replace(str,">","]")
str = replace(str, "%", "")
str = replace(str, "*", "")
str = replace(str,"--","")
str = replace(str,"having ","")
str = replace(str,"group by","")
str = replace(str,"union select sum","")
str = replace(str,"union select min","")
str = replace(str,"select ","")
str = replace(str,"insert ","")
str = replace(str,"update ","")
str = replace(str,"delete ","")
str = replace(str,"drop ","")
str = replace(str,"-shutdown","")
str = replace(str, "iframe", "")
Case Else
str = strlimpiar
End Select
Limpiar = str
End Function
Suerte