' Strips both kinds of SQL string delimiters from the input before it is
' concatenated into a query (the question below asks whether this is enough).
Function RemoveSuspeitos(ByVal strTXT As String) As String
    Dim txtAux As String
    txtAux = strTXT
    txtAux = Replace(txtAux, Chr(34), "")   ' remove double quotes (")
    txtAux = Replace(txtAux, "'", "")       ' remove single quotes (')
    RemoveSuspeitos = txtAux
End Function
DB: MSSQL
1) Forget syntax errors in the above code; I am not an expert in VB.
2) Let's say I always use single or double quotes, even for int values (e.g.: '" + $int_id + "').
Is this sanitization unsafe? If yes, why? Please show me a real exploit scenario.
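For comparison, here is the same kind of lookup written with ADO parameterized queries instead of string concatenation. This is an added example, not code from the question; it assumes a VB6/VBA host, an already open `ADODB.Connection` passed in as `cnn`, and a placeholder table `Users` with columns `Id` and `Name`. The value travels to SQL Server separately from the SQL text, so the server never parses it as part of the statement, and no quote stripping is needed: a legitimate name such as `O'Brien` reaches the database intact instead of being silently mangled to `OBrien` as `RemoveSuspeitos` would do.

```vb
Option Explicit

' ADO constants written out so the module works with late binding
' (no reference to the ActiveX Data Objects type library required).
Private Const adCmdText As Long = 1
Private Const adParamInput As Long = 1
Private Const adInteger As Long = 3
Private Const adVarWChar As Long = 202   ' maps to nvarchar on SQL Server

' Looks a user up by name. The "?" placeholder is bound to a typed parameter;
' the caller's string is passed through unchanged, quotes and all.
Public Function FindUserByName(ByVal cnn As Object, ByVal userName As String) As Object
    Dim cmd As Object
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Id, Name FROM Users WHERE Name = ?"
    ' Variable-length types need a size (assumed column width: 200 characters).
    cmd.Parameters.Append cmd.CreateParameter("pName", adVarWChar, adParamInput, 200, userName)
    Set FindUserByName = cmd.Execute
End Function

' Looks a user up by numeric id. Because the parameter is typed as an integer,
' the driver refuses anything that is not a number; the SQL text is a constant.
Public Function FindUserById(ByVal cnn As Object, ByVal userId As Long) As Object
    Dim cmd As Object
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Id, Name FROM Users WHERE Id = ?"
    cmd.Parameters.Append cmd.CreateParameter("pId", adInteger, adParamInput, , userId)
    Set FindUserById = cmd.Execute
End Function
```

Usage is `Set rs = FindUserByName(cnn, Request("name"))` followed by the normal recordset loop. The practical difference from the filter in the question is that the query text is fixed at compile time and only values are bound to it, so the database's parser has nothing user-controlled to interpret, whatever characters the input contains.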