Below is a simple function that will give me some protection against an SQL Injection attempt and i am not sure if i create an array right for the vb.net and that is where i am getting an error msg. any clue would be appreciated.
'Function IllegalChars to guard against SQL injection
Function IllegalChars(ByVal sInput)
'Declare variables
Dim iCounter
'Set IllegalChars to False
IllegalChars = False
Dim sBadChars As Array
'Create an array of illegal characters and words
sBadChars=("select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")
'Loop through array sBadChars using our counter & UBound function
For iCounter = 0 To uBound(sBadChars)
'Use Function Instr to check presence of illegal character in our variable
If Instr(sInput, sBadChars(iCounter)) > 0 Then
IllegalChars = True
End If
Next
End Function
'Function IllegalChars to guard against SQL injection
Function IllegalChars(ByVal sInput)
'Declare variables
Dim iCounter
'Set IllegalChars to False
IllegalChars = False
Dim sBadChars As Array
'Create an array of illegal characters and words
sBadChars=("select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")
'Loop through array sBadChars using our counter & UBound function
For iCounter = 0 To uBound(sBadChars)
'Use Function Instr to check presence of illegal character in our variable
If Instr(sInput, sBadChars(iCounter)) > 0 Then
IllegalChars = True
End If
Next
End Function