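' FunSQL: coerce or filter a user-submitted value before it is used in a SQL statement.
'   StrValue - the raw submitted value. It is only read; the caller's variable is
'              never modified (VBScript passes arguments ByRef by default).
'   BloType  - True:  numeric mode. Returns a Long (CLng rounds fractional input),
'                     or 0 when the value is not numeric or does not fit in a Long.
'              False: string mode. Returns the lower-cased value with the listed
'                     keywords and characters stripped; a Null input is returned as Null.
' NOTE(review): the string mode is a keyword/character blacklist. It mangles
' legitimate text and should be treated as defence in depth only; statements that
' use these values should bind them as parameters (ADODB.Command with
' CreateParameter) instead of concatenating them into the SQL text.
Function FunSQL(StrValue, BloType)
    Dim strWork, strBefore

    If BloType Then
        ' Numeric mode: default to 0 and only overwrite it on a clean conversion.
        FunSQL = 0
        If IsNumeric(StrValue) Then
            ' IsNumeric accepts values outside the Long range, where CLng raises
            ' an overflow error; trap it and keep the 0 fallback.
            On Error Resume Next
            FunSQL = CLng(StrValue)
            If Err.Number <> 0 Then
                FunSQL = 0
                Err.Clear
            End If
            On Error GoTo 0
        End If
        ' Return here so the converted Long is not replaced by the raw input.
        Exit Function
    End If

    ' String mode: Null passes through unchanged.
    If IsNull(StrValue) Then
        FunSQL = StrValue
        Exit Function
    End If

    strWork = LCase(StrValue)

    ' Removing one token can join the characters around it into another listed
    ' token, so repeat the whole pass until the value stops changing.
    Do
        strBefore = strWork
        strWork = Replace(strWork, "select", "")
        strWork = Replace(strWork, "update", "")
        strWork = Replace(strWork, "insert", "")
        strWork = Replace(strWork, "delete", "")
        strWork = Replace(strWork, ";", "")
        strWork = Replace(strWork, " ", "")
        strWork = Replace(strWork, "%", "")
        strWork = Replace(strWork, "'", "")
    Loop Until strWork = strBefore

    ' "*" becomes a single space; done last so the loop above does not strip it.
    strWork = Replace(strWork, "*", " ")

    FunSQL = strWork
End Function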
FunSQL becomes a numerical value in the end
The above is for checking information that the user submits from the IE browser; it can only be used when the user submits a number.
It does not have to be placed in conn.asp
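' ChkRStr: return strV with every single quote replaced, or "" when strV is Null.
'   strV - the value to escape; it is only read.
' NOTE(review): the replacement string is cut off in the original listing. Doubling
' the quote ('' ) is the standard escape inside a SQL string literal and is assumed
' here; confirm against the original source.
' NOTE(review): quote escaping only protects values placed inside a quoted SQL
' literal. It does nothing for values used in a numeric context, so bound
' parameters (ADODB.Command with CreateParameter) remain the reliable control.
Public Function ChkRStr(strV)
    If IsNull(strV) Then
        ChkRStr = ""
    Else
        ChkRStr = Replace(strV, "'", "''")
    End If
End Function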
The above replaces every single quote in strV with the string passed as the third argument to Replace.