6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"VBScript SQL sanitization\",\"text\":\"

Wary of Jeff Atwood's \\\"Bathroom Wall of Code\\\" post, I thought it would be useful to have a trustworthy SQL sanitisation function for VBScript, similar to PHP's mysql_real_escape_string() function.

\\n\\n

So, how can I properly sanitise data input into a SQL query using VBScript?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"ChristianLinnell\"},\"upvoteCount\":2,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Don't do it. Use parameterized queries instead.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"John Saunders\"},\"upvoteCount\":5}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","sql",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sql/1","children":"sql"}]}],["$","span","vbscript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/vbscript/1","children":"vbscript"}]}],["$","span","sanitization",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sanitization/1","children":"sanitization"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/5e86ad41964dc6fb75884c74b647149d?s=256&d=identicon&r=PG","alt":"ChristianLinnell","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/95231/christianlinnell","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"ChristianLinnell"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1398]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"VBScript SQL sanitization"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Wary of Jeff Atwood's \"Bathroom Wall of Code\" post, I thought it would be useful to have a trustworthy SQL sanitisation function for VBScript, similar to PHP's mysql_real_escape_string() function.

\n\n

So, how can I properly sanitise data input into a SQL query using VBScript?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",1489]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","948552",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/IOSXQ.jpg?s=256","alt":"bugmagnet","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/426/bugmagnet","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"bugmagnet"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",7769]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Alternatively, use the Escape function as below

\n\n

wscript.echo Escape(chrw(1023) & vbtab & vbnewline & \" \")\n

\n\n

which gives

\n\n

%u03FF%09%0D%0A%20\n

\n\n

. The reverse is UnEscape()

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}],["$","div","942430",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/1aa48f7606f5b08595b0a0356a61e8b6?s=256&d=identicon&r=PG","alt":"John Saunders","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/76337/john-saunders","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"John Saunders"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",161783]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Don't do it. Use parameterized queries instead.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",5]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","35694203",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/35694203","className":"text-blue-600 hover:underline","children":"How to prevent SQL Injection when executing the script concatenated from parameter strings?"}]}],["$","li","21555627",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21555627","className":"text-blue-600 hover:underline","children":"SQL Injection: Why is the following code dangerous?"}]}],["$","li","29485358",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29485358","className":"text-blue-600 hover:underline","children":"Execute sql from vbscript"}]}],["$","li","25716071",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/25716071","className":"text-blue-600 hover:underline","children":"VBScript Invalid Character Error 800A0408 on SQL Insert"}]}],["$","li","24814731",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24814731","className":"text-blue-600 hover:underline","children":"SQL and VBScript"}]}],["$","li","19415865",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19415865","className":"text-blue-600 hover:underline","children":"VBscript/SQL concatenation of %"}]}],["$","li","17726082",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17726082","className":"text-blue-600 hover:underline","children":"VBScript/SQL Formatting Issue"}]}],["$","li","16605583",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/16605583","className":"text-blue-600 hover:underline","children":"Convert Sql query into vb script"}]}],["$","li","11419655",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11419655","className":"text-blue-600 hover:underline","children":"Regex for safe SQL insert"}]}],["$","li","11143764",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11143764","className":"text-blue-600 hover:underline","children":"VBScript and SQL Server 2008 Questions"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

VBScript SQL sanitization

Answers (2)

Related Questions