Scrub Single Quotes from All Querystring Values
Posted on 2007-12-06
Our website is written in ASP Classic and requires a large number of form inputs and querystring values. In order to prevent SQL injection attacks, I want to remove any single quotes when we request.form and request.querystring. Instead of performing a REPLACE function on every input and querystring individually, is there a way to group them all together to run the REPLACE function?
For example, say we have querystring fields named buyer, seller, product. Instead of doing all three individually, like...

Replace(request.querystring("buyer"), "'", "")
Replace(request.querystring("seller"), "'", "")
Replace(request.querystring("product"), "'", "")

...is there a way to do all three at once?
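One way to do what the question asks, as an added example that is not part of the original post: walk each Request collection once and build a dictionary of values with single quotes removed. The helper name ScrubCollection and the variables qs and frm are assumptions made for illustration.

```vbscript
<%
' Added example: scrub every value in a Request collection in one pass.
' ScrubCollection is a hypothetical helper name, not a built-in ASP function.
Function ScrubCollection(coll)
    Dim result, key, i, joined
    Set result = Server.CreateObject("Scripting.Dictionary")
    ' Match the case-insensitive key lookup of the Request collections.
    ' CompareMode must be set while the dictionary is still empty.
    result.CompareMode = vbTextCompare

    For Each key In coll
        ' A key may repeat (?buyer=a&buyer=b), so scrub each value separately
        ' and rejoin them the way Request.QueryString("buyer") would.
        joined = ""
        For i = 1 To coll(key).Count
            If i > 1 Then joined = joined & ", "
            joined = joined & Replace(coll(key)(i), "'", "")
        Next
        result(key) = joined
    Next

    Set ScrubCollection = result
End Function

Dim qs, frm
Set qs = ScrubCollection(Request.QueryString)
Set frm = ScrubCollection(Request.Form)

' Read from the scrubbed copies instead of the raw collections.
' A key that was not supplied comes back as Empty, which concatenates as "".
Dim buyer, seller, product
buyer = qs("buyer")
seller = qs("seller")
product = qs("product")
%>
```

Removing quotes only affects values that end up inside a quoted SQL string literal; a value concatenated into a numeric position in the query is not protected by it. Passing the values as ADODB.Command parameters covers both cases without altering the input.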