Use this function to replace the request, prevent SQL injection .Function SafeRequest (paraName, Paratype) 'paraName: Parameter name - Character type' Paratype: Parameter Type - Digital (1 means the above parameters are numbers, 0 means the above parameters are character)
Dim Paravalue Paravalue = Request (paraName) if parates = 1 Then if not isnumeric (Paravalue) Then response.write "& paraName &" must be digital! "Response.end end if else paravalue = replace (paravalue," "," '' ") End if Saferequest = ParavalueEnd Function
