VB.NET function to avoid SQL Server injection


SUBMITTED BY: fairuzzbdy

DATE: June 17, 2016, 8:46 a.m.

FORMAT: Text only

SIZE: 560 Bytes


  ' Wraps a value as a T-SQL Unicode string literal (N'...'), doubling any
  ' embedded single quotes. Valid only inside a quoted string literal; it does
  ' not protect numeric values, identifiers or LIKE patterns.
  Public Function strIns(ByVal varvalue As String) As String
      ' Nothing and the empty string both become a one-space literal.
      If String.IsNullOrEmpty(varvalue) Then
          Return "' '"
      End If
      ' Double each single quote so it cannot terminate the literal.
      Return "N'" & varvalue.Replace("'", "''") & "'"
  End Function
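
An added example, not part of the original paste: the same value passed as a typed SqlParameter instead of being escaped and concatenated, so it is never parsed as SQL text. The table and column names (dbo.Customers, Id, Name), the parameter length of 100 and the sample input are assumptions made for illustration.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Module CustomerLookup
    ' Hypothetical schema: dbo.Customers(Id, Name). The SQL text is a constant;
    ' no user input is ever concatenated into it.
    Private Const LookupSql As String =
        "SELECT Id, Name FROM dbo.Customers WHERE Name = @name"

    ' Builds a command whose user-supplied value travels as a typed parameter.
    Public Function BuildLookupCommand(ByVal conn As SqlConnection,
                                       ByVal name As String) As SqlCommand
        Dim cmd As New SqlCommand(LookupSql, conn)
        ' NVarChar is the parameter equivalent of the N'...' literal strIns builds.
        ' The length (100) is an assumed column size.
        Dim p As SqlParameter = cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100)
        ' Unlike strIns, Nothing is sent as SQL NULL rather than a one-space string.
        p.Value = If(name Is Nothing, CObj(DBNull.Value), CObj(name))
        Return cmd
    End Function

    Public Sub Main()
        ' Constructed sample input containing a single quote.
        Dim sample As String = "O'Brien"
        ' No connection string is set and nothing is opened; this only shows
        ' that the SQL text stays fixed and the value is carried separately.
        Using conn As New SqlConnection()
            Using cmd As SqlCommand = BuildLookupCommand(conn, sample)
                Console.WriteLine(cmd.CommandText)
                Console.WriteLine(cmd.Parameters("@name").Value)
            End Using
        End Using
    End Sub
End Module
```

With parameters the quote in the value needs no doubling, and the same approach covers numeric and date values that quote escaping does not.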
