•  09-09-2019
  •  | 
  •  

Question

Wary of Jeff Atwood's "Bathroom Wall of Code" post, I thought it would be useful to have a trustworthy SQL sanitisation function for VBScript, similar to PHP's mysql_real_escape_string() function.

So, how can I properly sanitise data input into a SQL query using VBScript?

Was it helpful?

Solution

Don't do it. Use parameterized queries instead.

OTHER TIPS

Alternatively, use the Escape function as below

wscript.echo Escape(chrw(1023) & vbtab & vbnewline & " ")

which gives

%u03FF%09%0D%0A%20

. The reverse is UnEscape()

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top