I am trying to stop SQL injection attacks.
I have written the following function that will help filter out the commands.
But i can't get it to output the VAR.
+ i'm not sure if how i'm going to use this funiction again and again for dirrent fields
from request.form(). like username and password.
But first things first. Please can someone let me know why i can't get an output from the following:
badChars = array("select", "drop", ";", "--", "insert", "delete", "xp_", "=")
newChars = inputtext
for i = 0 to uBound(badChars)
newChars = replace(newChars, badChars(i), "")
response.write(inputtext & "done | ")
text1 = "Hello ' select bye"
response.write("CLEAN:" & newChars)