VBScript SQL sanitization
09-09-2019
Question
Wary of Jeff Atwood's "Bathroom Wall of Code" post, I thought it would be useful to have a trustworthy SQL sanitisation function for VBScript, similar to PHP's mysql_real_escape_string() function.
So, how can I properly sanitise data input into a SQL query using VBScript?
Solution
Don't do it. Use parameterized queries instead.
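A parameterized query in VBScript through ADO, as an added example that is not part of the original answer. The connection string, the users table, its columns and the FindUsers helper are hypothetical placeholders.

```vbscript
Option Explicit

' ADO constants (values from the ADO type library; VBScript does not load them).
Const adCmdText    = 1
Const adParamInput = 1
Const adInteger    = 3
Const adVarWChar   = 202

' Placeholder connection string (assumption): replace with your own provider and server.
Const CONN_STR = "Provider=SQLOLEDB;Data Source=EXAMPLE_SERVER;Initial Catalog=ExampleDb;Integrated Security=SSPI;"

' Hypothetical helper: looks up users by name and minimum age.
' The SQL text is fixed. The untrusted values are sent separately as typed
' parameters, so quotes inside them are treated as data, not as SQL.
Function FindUsers(conn, userName, minAge)
    Dim cmd
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' OLE DB uses positional "?" markers; parameters bind in the order appended.
    cmd.CommandText = "SELECT id, name FROM users WHERE name = ? AND age >= ?"
    ' Size 50 is the assumed width of the name column.
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, userName)
    ' CLng raises a type-mismatch error on non-numeric input instead of passing it on.
    cmd.Parameters.Append cmd.CreateParameter("age", adInteger, adParamInput, 4, CLng(minAge))
    Set FindUsers = cmd.Execute
End Function

Dim conn, rs
Set conn = CreateObject("ADODB.Connection")
conn.Open CONN_STR

' Constructed sample input: the apostrophe needs no escaping by the caller.
Set rs = FindUsers(conn, "O'Brien", "18")
Do Until rs.EOF
    WScript.Echo rs("id") & vbTab & rs("name")
    rs.MoveNext
Loop
rs.Close
conn.Close
```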
OTHER TIPS
Alternatively, use the Escape function as below
wscript.echo Escape(chrw(1023) & vbtab & vbnewline & " ")
which gives
%u03FF%09%0D%0A%20
The reverse is UnEscape().
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow