'********************************************************
' SQL injection filter: deletes SQL tokens from query-string input
'********************************************************
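' Best-effort blocklist filter for a value that will be concatenated into a
' SQL statement.
'
' str     - value to filter. VBScript passes arguments ByRef by default, so a
'           variable supplied by the caller is overwritten with the filtered
'           text (unless it was Null).
' Returns - the filtered, trimmed text, or "" when str is Null.
'
' SECURITY NOTE: this is defence in depth only, not a substitute for
' parameterized queries (ADODB.Command with a Parameters collection).
'   * Quote doubling only protects a value placed inside a quoted string
'     literal; a value spliced into a numeric or identifier position is not
'     made safe by it.
'   * Token stripping is not word-aware, so ordinary text that merely
'     contains a blocked token (for example a word containing "update") is
'     altered.
Function DB_String_Clear(str)
    Dim blockedTokens, token, beforePass

    If IsNull(str) Then
        DB_String_Clear = ""
        Exit Function
    End If

    ' Double single quotes exactly once, before and outside the loop below;
    ' repeating this step would keep growing the string.
    str = My_ReplaceText(str, "'", "''")

    ' "shutdown" and "declare" were misspelt ("shotdown", "declear") in the
    ' earlier list, so those two keywords were never actually removed.
    blockedTokens = Array(";", "--", "select", "insert", "update", "delete", _
                          "drop", "alter", "create", "union", "having", _
                          "shutdown", "declare", "xp_", "sp_")

    ' A single pass can leave a blocked token behind when deleting one match
    ' joins the text on either side of it. Repeat until a pass changes
    ' nothing. Every replacement is a deletion, so the string shrinks on each
    ' changing pass and the loop terminates.
    Do
        beforePass = str
        For Each token In blockedTokens
            str = My_ReplaceText(str, token, "")
        Next
    Loop While str <> beforePass

    str = Trim(str)
    DB_String_Clear = str
End Function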
' Returns allText with every match of findText replaced by replaceText.
'
' allText     - text to search; declared ByRef but not assigned to here.
' findText    - used as a VBScript RegExp pattern, not as literal text, so
'               regular-expression metacharacters in it keep their meaning.
' replaceText - replacement handed to RegExp.Replace.
Function My_ReplaceText(ByRef allText, ByVal findText, ByVal replaceText)
    Dim matcher
    Set matcher = New RegExp
    With matcher
        .Pattern = findText   ' pattern to match
        .IgnoreCase = True    ' match without regard to letter case
        .Global = True        ' replace every match, not only the first
        My_ReplaceText = .Replace(allText, replaceText)
    End With
End Function